CVE-2019-9200

A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVSS 3.x Base Score

Provider | Type    | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
---------|---------|------------|-------------|-----------------|----------------|-------
NIST     | Primary | 8.8 HIGH   | NETWORK     | LOW             | NONE           | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score: Percentile 87%
Affected Products (NVD)

Vendor      | Product      | Version
------------|--------------|--------
freedesktop | poppler      | 0.74.0
debian      | debian_linux | 8.0
canonical   | ubuntu_linux | 14.04
canonical   | ubuntu_linux | 16.04
canonical   | ubuntu_linux | 18.04
canonical   | ubuntu_linux | 18.10

All listed versions are marked as vulnerable software versions.
Debian Releases

Debian Product | Codename            | Version             | Status
---------------|---------------------|---------------------|-------
poppler        | bookworm            | 22.12.0-2           | fixed
poppler        | bullseye            | 20.09.0-3.1+deb11u1 | fixed
poppler        | bullseye (security) | 20.09.0-3.1+deb11u1 | fixed
poppler        | sid                 | 24.08.0-3           | fixed
poppler        | trixie              | 24.08.0-3           | fixed
Ubuntu Releases

Ubuntu Product | Codename | Fixed Version      | Status
---------------|----------|--------------------|---------
poppler        | bionic   | 0.62.0-2ubuntu2.8  | released
poppler        | cosmic   | 0.68.0-0ubuntu1.6  | released
poppler        | disco    | 0.74.0-0ubuntu1.2  | released
poppler        | trusty   | 0.24.5-2ubuntu4.17 | released
poppler        | xenial   | 0.41.0-0ubuntu1.13 | released
openSUSE / SLES Releases

The following openSUSE / SLES packages are fixed in version 0.62.0-4.6.1 on each of the four releases listed below: libpoppler-cpp0, libpoppler-devel, libpoppler-glib-devel, libpoppler-glib8, libpoppler73, poppler-tools, typelib-1_0-Poppler-0_18.

Release                       | Version      | Status
------------------------------|--------------|-------
suse enterprise sap 15        | 0.62.0-4.6.1 | fixed
suse enterprise sap 15 SP1    | 0.62.0-4.6.1 | fixed
suse enterprise server 15     | 0.62.0-4.6.1 | fixed
suse enterprise server 15 SP1 | 0.62.0-4.6.1 | fixed
Red Hat Enterprise Linux Releases

Red Hat Product       | Release      | Version              | Status
----------------------|--------------|----------------------|-------
evince                | RHEL 7       | 0:3.28.2-8.el7       | fixed
evince-browser-plugin | RHEL 7       | 0:3.28.2-8.el7       | fixed
evince-devel          | RHEL 7       | 0:3.28.2-8.el7       | fixed
evince-dvi            | RHEL 7       | 0:3.28.2-8.el7       | fixed
evince-libs           | RHEL 7       | 0:3.28.2-8.el7       | fixed
evince-nautilus       | RHEL 7       | 0:3.28.2-8.el7       | fixed
okular                | RHEL 7       | 0:4.10.5-7.el7       | fixed
okular-devel          | RHEL 7       | 0:4.10.5-7.el7       | fixed
okular-libs           | RHEL 7       | 0:4.10.5-7.el7       | fixed
okular-part           | RHEL 7       | 0:4.10.5-7.el7       | fixed
poppler               | RHEL 7       | 0:0.26.5-38.el7      | fixed
poppler               | RHEL 8       | 0:0.66.0-11.el8_0.12 | fixed
poppler               | RHEL 8.0 E4S | 0:0.66.0-11.el8_0.12 | fixed
poppler-cpp           | RHEL 7       | 0:0.26.5-38.el7      | fixed
poppler-cpp           | RHEL 8       | 0:0.66.0-11.el8_0.12 | fixed
poppler-cpp           | RHEL 8.0 E4S | 0:0.66.0-11.el8_0.12 | fixed
poppler-cpp-devel     | RHEL 7       | 0:0.26.5-38.el7      | fixed
poppler-cpp-devel     | RHEL 8       | 0:0.66.0-11.el8_0.12 | fixed
poppler-cpp-devel     | RHEL 8.0 E4S | 0:0.66.0-11.el8_0.12 | fixed
poppler-demos         | RHEL 7       | 0:0.26.5-38.el7      | fixed
poppler-devel         | RHEL 7       | 0:0.26.5-38.el7      | fixed
poppler-devel         | RHEL 8       | 0:0.66.0-11.el8_0.12 | fixed
poppler-devel         | RHEL 8.0 E4S | 0:0.66.0-11.el8_0.12 | fixed
poppler-glib          | RHEL 7       | 0:0.26.5-38.el7      | fixed
poppler-glib          | RHEL 8       | 0:0.66.0-11.el8_0.12 | fixed
poppler-glib          | RHEL 8.0 E4S | 0:0.66.0-11.el8_0.12 | fixed
poppler-glib-devel    | RHEL 7       | 0:0.26.5-38.el7      | fixed
poppler-glib-devel    | RHEL 8       | 0:0.66.0-11.el8_0.12 | fixed
poppler-glib-devel    | RHEL 8.0 E4S | 0:0.66.0-11.el8_0.12 | fixed
poppler-qt            | RHEL 7       | 0:0.26.5-38.el7      | fixed
poppler-qt-devel      | RHEL 7       | 0:0.26.5-38.el7      | fixed
poppler-qt5           | RHEL 8       | 0:0.66.0-11.el8_0.12 | fixed
poppler-qt5           | RHEL 8.0 E4S | 0:0.66.0-11.el8_0.12 | fixed
poppler-qt5-devel     | RHEL 8       | 0:0.66.0-11.el8_0.12 | fixed
poppler-qt5-devel     | RHEL 8.0 E4S | 0:0.66.0-11.el8_0.12 | fixed
poppler-utils         | RHEL 7       | 0:0.26.5-38.el7      | fixed
poppler-utils         | RHEL 8       | 0:0.66.0-11.el8_0.12 | fixed
poppler-utils         | RHEL 8.0 E4S | 0:0.66.0-11.el8_0.12 | fixed