{"id":"CVE-2019-14934","details":"An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write.","modified":"2026-03-20T03:26:43.312299Z","published":"2019-08-11T22:15:11.080Z","related":["MGASA-2019-0419"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DBYXYU2VSDJ3NAL54IW2KYD3TZSR33M/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXN6W5QTNQJ2LFDCQWKYSMMZ3NPUWP3U/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y243C2IFMRFQWHV62JCSHTMQGDDCICNF/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00002.html"},{"type":"FIX","url":"https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6"},{"type":"FIX","url":"https://github.com/enferex/pdfresurrect/compare/v0.17...v0.18"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/enferex/pdfresurrect","events":[{"introduced":"0"},{"fixed":"4423854ce825a16c54986eed2b449e65289035be"},{"fixed":"0c4120fffa3dffe97b95c486a120eded82afe8a6"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.18"}]}}],"versions":["v0.12","v0.13","v0.14","v0.15","v0.16","v0.17"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"29"}]},{"events":[{"introduced":"0"},{"last_affected":"30"}]},{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14934.json","vanir_signatures":[{"id":"CVE-2019-14934-15db9f66","deprecated":false,"digest":{"length":411,"function_hash":"256762083501416603035630189130717321116"},"signature_type":"Function","source":"https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6","target":{"function":"pdf_new","file":"pdf.c"},"signature_version":"v1"},{"id":"CVE-2019-14934-2510bbcd","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["77550204864934512861691379411606033135"]},"signature_type":"Line","source":"https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6","target":{"file":"main.h"},"signature_version":"v1"},{"id":"CVE-2019-14934-6bca77a9","deprecated":false,"digest":{"length":1706,"function_hash":"48934365315674630234225596062129451311"},"signature_type":"Function","source":"https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6","target":{"function":"load_xref_from_plaintext","file":"pdf.c"},"signature_version":"v1"},{"id":"CVE-2019-14934-79add9eb","deprecated":false,"digest":{"length":1324,"function_hash":"58635718599131693217587185458041454427"},"signature_type":"Function","source":"https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6","target":{"function":"get_object","file":"pdf.c"},"signature_version":"v1"},{"id":"CVE-2019-14934-8058a0bd","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["8453129989799462549625768825652279104","99530902912696310155202760077583412971","263789281847861437657419263367130839764","40093693050038650973610115055865087694","195762686309494098847226134441540771337","213733784580435541426190752691248932044","271437894462184597772681304616982755120","279007304580546757892162788787963212628","36619885542697655876905904156221089162","193381253870895511045362551388566296032","68211198074068728073314749322967623862"]},"signature_type":"Line","source":"https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6","target":{"file":"main.c"},"signature_version":"v1"},{"id":"CVE-2019-14934-a77455dc","deprecated":false,"digest":{"length":948,"function_hash":"232083020221007825060946534812671885074"},"signature_type":"Function","source":"https://github.com/enferex/pdfresurrect/commit/4423854ce825a16c54986eed2b449e65289035be","target":{"function":"usage","file":"main.c"},"signature_version":"v1"},{"id":"CVE-2019-14934-d3cf275f","deprecated":false,"digest":{"length":1795,"function_hash":"325304485965751155243122437109992761270"},"signature_type":"Function","source":"https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6","target":{"function":"pdf_load_xrefs","file":"pdf.c"},"signature_version":"v1"},{"id":"CVE-2019-14934-d9e6aa3d","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["63023463134445691377990943258895530884","8922089011033480916915310265425231578","181734697477901689942267937474342698268","200306455022106208802681589981078022726"]},"signature_type":"Line","source":"https://github.com/enferex/pdfresurrect/commit/4423854ce825a16c54986eed2b449e65289035be","target":{"file":"main.c"},"signature_version":"v1"},{"id":"CVE-2019-14934-f0b64b3c","deprecated":false,"digest":{"length":306,"function_hash":"49745236901477109303946366760120247159"},"signature_type":"Function","source":"https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6","target":{"function":"get_header","file":"pdf.c"},"signature_version":"v1"},{"id":"CVE-2019-14934-fe7fcc70","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["268273926068758734056256075221191754643","169994098497221076449878214494719241089","1223739350107562493354016399320061662","176497472191781189226379682557754201526","282205922933228270404566573370762426697","260181441558037407599593109788573902514","191126972468617502371386837034164241367","299189483496189035622460523856866872060","110540770146931969867386605517569909795","85878818426568453576324201150584045639","68062500688153715834220096481784014949","163415804638944167511257389352632086249","214525089734176831586762927983064466067","116476472887827962984265632618014525082","251343443163535428846508345180430432155","22538543802820471354439062993839377423","37024084632818626181079309694738587944","69622802471060449691176575022365776546","282093569213571388689947168342871286455","240383590169946072289977169315953016800","93413984929112082925602786465000372940","312304943219526437521288686604261261901","112967292899666047622385164009660699052","48505500378436910448633747041365270793","161549004012120452569306843293306914465","2701174797233355839916074321577437246","174208329816497157813305367820761893112","22031510781211203305026291240495223835","283881357162004280958057057566801164661","112157753924922027756319803903750652613","142461620309279005631855992303049312787","32765573441743220648559235849853200626","19507934344298856034909852722035432701","294551937220830993921857588055672458968","213934481633932873550800769782986177966","330241373759005916819729349663440108152","46410259376222430955351602174787174475","148185064150146256905608088678192475271","272886130577751105247700653650708581005","97074372526294746068327671854355351103","332888570291388733399927404292502672093","199729256583163704759073122295866848916","170131629266426561397621723114280184576","66130561064676095891159986328236158062","140051216598213548315519547919510787265","129410460819032184012843159128190878859","106821631990123657696466870123816726178","144574010844810691036817496746292302331","16289969439010543607636456072016621395","270743833535122959267115028609378908417","235913489571026782893848565876734520998","21178081986711556680337517148292907538","126604359106623566770259428789398788262","8525622703922830153812401378347619616","183692961265600505142532072818287628756","191525734366163183458197813779896916055"]},"signature_type":"Line","source":"https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6","target":{"file":"pdf.c"},"signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}