cve/2019/CVE-2019-13288.md

CVE-2019-13288

Description

In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.

POC

Reference

No PoCs from references.

Github

• https://github.com/ARPSyndicate/cve-scores
• https://github.com/ARPSyndicate/cvemon
• https://github.com/EsharkyTheGreat/Xpdf-4.04-InfiniteStackRecursion
• https://github.com/Fineas/CVE-2019-13288-POC
• https://github.com/Sonic-lab2307/EthicalHacking_Lab
• https://github.com/WildWestCyberSecurity/CVE-2019-13288
• https://github.com/asur4s/blog
• https://github.com/asur4s/fuzzing
• https://github.com/ch1hyun/fuzzing-class
• https://github.com/chiehw/fuzzing
• https://github.com/gleaming0/CVE-2019-13288
• https://github.com/plzheheplztrying/cve_monitor