HIGH🇬🇧 English

CVE-2019-9545

CVSS 8.8v3.0pub. 2019-03-01upd. 2024-11-21

An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Freedesktop Poppler

    APP
    Freedesktop
    0.74.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2019-9631CRITICAL9.8ten sam produkt

Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.

CVE-2021-30860HIGH7.8⚠ KEVten sam produkt

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-...

CVE-2024-6239HIGH7.5ten sam produkt

A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo ...

CVE-2020-23804HIGH7.5ten sam produkt

Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of ...

CVE-2022-38784HIGH7.8ten sam produkt

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTex...

CVE-2019-9545 — HIGH 8.8 | CVEbaza.pl