CVE-2019-9903
21.03.2019, 18:29
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.74.0 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 18.10 |
| canonical | ubuntu_linux | 19.04 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_eus | 8.1 |
| redhat | enterprise_linux_eus | 8.2 |
| redhat | enterprise_linux_eus | 8.4 |
| redhat | enterprise_linux_eus | 8.6 |
| redhat | enterprise_linux_server_aus | 8.2 |
| redhat | enterprise_linux_server_aus | 8.4 |
| redhat | enterprise_linux_server_aus | 8.6 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_server_tus | 8.4 |
| redhat | enterprise_linux_server_tus | 8.6 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libpoppler-cpp0 |
| ||||||||||||||
| libpoppler-devel |
| ||||||||||||||
| libpoppler-glib-devel |
| ||||||||||||||
| libpoppler-glib8 |
| ||||||||||||||
| libpoppler-qt4-4 |
| ||||||||||||||
| libpoppler60 |
| ||||||||||||||
| libpoppler73 |
| ||||||||||||||
| poppler-tools |
| ||||||||||||||
| typelib-1_0-Poppler-0_18 |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||||
|---|---|---|---|---|---|
| poppler |
| ||||
| poppler-cpp |
| ||||
| poppler-cpp-devel |
| ||||
| poppler-devel |
| ||||
| poppler-glib |
| ||||
| poppler-glib-devel |
| ||||
| poppler-qt5 |
| ||||
| poppler-qt5-devel |
| ||||
| poppler-utils |
|
Common Weakness Enumeration
References