Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2019-9877

There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Published: Mar 21, 2019
Updated: Nov 9, 2025
CVE: CVE-2019-9877
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-125
CWE-787

Affected Software
References

Software	From	Fixed in
xpdfreader / xpdf	4.0.1	4.0.1.x

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41265
https://research.loginsoft.com/bugs/invalid-memory-access-in-textpagefindgaps-xpdf-4-01/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo