CVE-2019-9545
First published: Fri Mar 01 2019(Updated: )
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Poppler Utilities | =0.74.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-9545?
The severity of CVE-2019-9545 is high with a severity score of 8.8.
What software is affected by CVE-2019-9545?
Poppler version 0.74.0 is affected by CVE-2019-9545.
How can I exploit CVE-2019-9545?
CVE-2019-9545 can be exploited by sending a crafted PDF file to the pdfimages binary.
What are the possible consequences of CVE-2019-9545?
CVE-2019-9545 can lead to Denial of Service (Segmentation fault) or potential remote code execution.
Is there a fix available for CVE-2019-9545?
Yes, upgrading to a version of Poppler that is not affected (after 0.74.0) will mitigate the vulnerability.
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/description
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/freedesktop
- canonical/poppler utilities
- version/poppler utilities/0.74.0