CVE-2019-9959
22.07.2019, 15:15
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 𝑥 ≤ 0.78.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_eus | 8.1 |
| redhat | enterprise_linux_eus | 8.2 |
| redhat | enterprise_linux_eus | 8.4 |
| redhat | enterprise_linux_eus | 8.6 |
| redhat | enterprise_linux_server_aus | 8.2 |
| redhat | enterprise_linux_server_aus | 8.4 |
| redhat | enterprise_linux_server_aus | 8.6 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_server_tus | 8.4 |
| redhat | enterprise_linux_server_tus | 8.6 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| emscripten |
| ||||||||||||||||||||||||||||
| poppler |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libpoppler-cpp0 |
| ||||||||||||||
| libpoppler-devel |
| ||||||||||||||
| libpoppler-glib-devel |
| ||||||||||||||
| libpoppler-glib8 |
| ||||||||||||||
| libpoppler-qt4-4 |
| ||||||||||||||
| libpoppler60 |
| ||||||||||||||
| libpoppler73 |
| ||||||||||||||
| poppler-tools |
| ||||||||||||||
| typelib-1_0-Poppler-0_18 |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||||||
|---|---|---|---|---|---|---|---|
| evince |
| ||||||
| evince-browser-plugin |
| ||||||
| evince-devel |
| ||||||
| evince-dvi |
| ||||||
| evince-libs |
| ||||||
| evince-nautilus |
| ||||||
| poppler |
| ||||||
| poppler-cpp |
| ||||||
| poppler-cpp-devel |
| ||||||
| poppler-demos |
| ||||||
| poppler-devel |
| ||||||
| poppler-glib |
| ||||||
| poppler-glib-devel |
| ||||||
| poppler-qt |
| ||||||
| poppler-qt-devel |
| ||||||
| poppler-qt5 |
| ||||||
| poppler-qt5-devel |
| ||||||
| poppler-utils |
|
References