CVE-2019-13286
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg(), located in JBIG2Stream.cc. It can be triggered, for example, by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause information disclosure.
Related news
CVE-2022-24107: Xpdf Security Fixes
Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.