cpe:/a:glyphandcog:xpdfreader:4.01.01 CVE-2019-12957 2019-06-24T20:15:09.297-04:00 2019-06-25T13:04:01.097-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2019-06-25T12:03:33.100-04:00 MISC https://forum.xpdfreader.com/viewtopic.php?f=3&t=41813 In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.