CVE-2019-14267

HIGH

PDFResurrect 0.15 - Buffer Overflow

Title source: llm

Description

PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled.

Exploits (2)

exploitdb WORKING POC VERIFIED

by j0lama · textdoslinux

https://www.exploit-db.com/exploits/47178

View Code ZIP pw:eip

nomisec STUB 2 stars

by snappyJack · poc

https://github.com/snappyJack/pdfresurrect_CVE-2019-14267

View Code ZIP pw:eip

References (6)

[Product, Release Notes] https://github.com/enferex/pdfresurrect/commits/master

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/153767/pdfresurrect-0.15-Buffer-Overflow.html

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DBYXYU2VSDJ3NAL54IW2KYD3TZSR33M/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXN6W5QTNQJ2LFDCQWKYSMMZ3NPUWP3U/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y243C2IFMRFQWHV62JCSHTMQGDDCICNF/

[Third Party Advisory] https://github.com/snappyJack/pdfresurrect_CVE-2019-14267

Scores

CVSS v3 7.8

EPSS 0.1732

EPSS Percentile 95.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (4)

fedoraproject/fedora 29

fedoraproject/fedora 30

fedoraproject/fedora 31

pdfresurrect_project/pdfresurrect 0.15

Published Jul 29, 2019

Tracked Since Feb 18, 2026