CVE-2019-9543
First published: Fri Mar 01 2019(Updated: )
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| freedesktop poppler | =0.74.0 | |
| =0.74.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-9543?
CVE-2019-9543 is a vulnerability discovered in Poppler 0.74.0 that allows an attacker to cause Denial of Service or potentially execute arbitrary code.
How severe is CVE-2019-9543?
CVE-2019-9543 has a severity score of 8.8, indicating a high severity.
How can CVE-2019-9543 be exploited?
CVE-2019-9543 can be exploited by sending a crafted PDF file to an affected binary, such as the pdfseparate tool.
What is the affected software for CVE-2019-9543?
The affected software for CVE-2019-9543 is Poppler 0.74.0.
Is there a fix available for CVE-2019-9543?
Yes, a fix is available for CVE-2019-9543. Users should update to a version of Poppler that is not affected by the vulnerability.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/freedesktop
- canonical/freedesktop poppler
- version/freedesktop poppler/0.74.0