The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/109342 | Broken Link |
https://access.redhat.com/errata/RHSA-2019:2713 | Third Party Advisory |
https://gitlab.freedesktop.org/poppler/poppler/blob/master/NEWS | Release Notes Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/10/msg00024.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ZOYOZTGU4RGZW4E63OZ7LW4SMPEWGBV/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6NX2XPMMV7O52F4NBNCHGILGJXM3OJZ/ |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
No history.
Information
Published : 2019-07-22 15:15
Updated : 2024-02-04 20:20
NVD link : CVE-2019-9959
Mitre link : CVE-2019-9959
CVE.ORG link : CVE-2019-9959
JSON object : View
Products Affected
debian
- debian_linux
fedoraproject
- fedora
redhat
- enterprise_linux_server_tus
- enterprise_linux_server_aus
- enterprise_linux
- enterprise_linux_eus
freedesktop
- poppler
CWE
CWE-190
Integer Overflow or Wraparound