CVE-2019-14934

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-14934
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14934.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-14934
Downstream
Related
Published
2019-08-11T22:15:11Z
Modified
2025-09-19T10:34:28.160123Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in PDFResurrect before 0.18. pdfloadpages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write.

References

Affected packages

Git / github.com/enferex/pdfresurrect

Affected ranges

Type
GIT
Repo
https://github.com/enferex/pdfresurrect
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
0c4120fffa3dffe97b95c486a120eded82afe8a6

Affected versions

v0.*

v0.12
v0.13
v0.14
v0.15
v0.16
v0.17

Database specific 

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "target": {
                "file": "pdf.c",
                "function": "pdf_new"
            },
            "deprecated": false,
            "source": "https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6",
            "digest": {
                "length": 411.0,
                "function_hash": "256762083501416603035630189130717321116"
            },
            "signature_type": "Function",
            "id": "CVE-2019-14934-15db9f66"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "main.h"
            },
            "deprecated": false,
            "source": "https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6",
            "digest": {
                "line_hashes": [
                    "77550204864934512861691379411606033135"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "CVE-2019-14934-2510bbcd"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "pdf.c",
                "function": "load_xref_from_plaintext"
            },
            "deprecated": false,
            "source": "https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6",
            "digest": {
                "length": 1706.0,
                "function_hash": "48934365315674630234225596062129451311"
            },
            "signature_type": "Function",
            "id": "CVE-2019-14934-6bca77a9"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "pdf.c",
                "function": "get_object"
            },
            "deprecated": false,
            "source": "https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6",
            "digest": {
                "length": 1324.0,
                "function_hash": "58635718599131693217587185458041454427"
            },
            "signature_type": "Function",
            "id": "CVE-2019-14934-79add9eb"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "main.c"
            },
            "deprecated": false,
            "source": "https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6",
            "digest": {
                "line_hashes": [
                    "8453129989799462549625768825652279104",
                    "99530902912696310155202760077583412971",
                    "263789281847861437657419263367130839764",
                    "40093693050038650973610115055865087694",
                    "195762686309494098847226134441540771337",
                    "213733784580435541426190752691248932044",
                    "271437894462184597772681304616982755120",
                    "279007304580546757892162788787963212628",
                    "36619885542697655876905904156221089162",
                    "193381253870895511045362551388566296032",
                    "68211198074068728073314749322967623862"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "CVE-2019-14934-8058a0bd"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "pdf.c",
                "function": "pdf_load_xrefs"
            },
            "deprecated": false,
            "source": "https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6",
            "digest": {
                "length": 1795.0,
                "function_hash": "325304485965751155243122437109992761270"
            },
            "signature_type": "Function",
            "id": "CVE-2019-14934-d3cf275f"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "pdf.c",
                "function": "get_header"
            },
            "deprecated": false,
            "source": "https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6",
            "digest": {
                "length": 306.0,
                "function_hash": "49745236901477109303946366760120247159"
            },
            "signature_type": "Function",
            "id": "CVE-2019-14934-f0b64b3c"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "pdf.c"
            },
            "deprecated": false,
            "source": "https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6",
            "digest": {
                "line_hashes": [
                    "268273926068758734056256075221191754643",
                    "169994098497221076449878214494719241089",
                    "1223739350107562493354016399320061662",
                    "176497472191781189226379682557754201526",
                    "282205922933228270404566573370762426697",
                    "260181441558037407599593109788573902514",
                    "191126972468617502371386837034164241367",
                    "299189483496189035622460523856866872060",
                    "110540770146931969867386605517569909795",
                    "85878818426568453576324201150584045639",
                    "68062500688153715834220096481784014949",
                    "163415804638944167511257389352632086249",
                    "214525089734176831586762927983064466067",
                    "116476472887827962984265632618014525082",
                    "251343443163535428846508345180430432155",
                    "22538543802820471354439062993839377423",
                    "37024084632818626181079309694738587944",
                    "69622802471060449691176575022365776546",
                    "282093569213571388689947168342871286455",
                    "240383590169946072289977169315953016800",
                    "93413984929112082925602786465000372940",
                    "312304943219526437521288686604261261901",
                    "112967292899666047622385164009660699052",
                    "48505500378436910448633747041365270793",
                    "161549004012120452569306843293306914465",
                    "2701174797233355839916074321577437246",
                    "174208329816497157813305367820761893112",
                    "22031510781211203305026291240495223835",
                    "283881357162004280958057057566801164661",
                    "112157753924922027756319803903750652613",
                    "142461620309279005631855992303049312787",
                    "32765573441743220648559235849853200626",
                    "19507934344298856034909852722035432701",
                    "294551937220830993921857588055672458968",
                    "213934481633932873550800769782986177966",
                    "330241373759005916819729349663440108152",
                    "46410259376222430955351602174787174475",
                    "148185064150146256905608088678192475271",
                    "272886130577751105247700653650708581005",
                    "97074372526294746068327671854355351103",
                    "332888570291388733399927404292502672093",
                    "199729256583163704759073122295866848916",
                    "170131629266426561397621723114280184576",
                    "66130561064676095891159986328236158062",
                    "140051216598213548315519547919510787265",
                    "129410460819032184012843159128190878859",
                    "106821631990123657696466870123816726178",
                    "144574010844810691036817496746292302331",
                    "16289969439010543607636456072016621395",
                    "270743833535122959267115028609378908417",
                    "235913489571026782893848565876734520998",
                    "21178081986711556680337517148292907538",
                    "126604359106623566770259428789398788262",
                    "8525622703922830153812401378347619616",
                    "183692961265600505142532072818287628756",
                    "191525734366163183458197813779896916055"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "CVE-2019-14934-fe7fcc70"
        }
    ]
}