First published: Mon Jul 22 2019(Updated: )
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
freedesktop poppler | <=0.78.0 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Fedoraproject Fedora | =29 | |
Fedoraproject Fedora | =30 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux Eus | =8.1 | |
Redhat Enterprise Linux Eus | =8.2 | |
Redhat Enterprise Linux Eus | =8.4 | |
Redhat Enterprise Linux Eus | =8.6 | |
Redhat Enterprise Linux Server Aus | =8.2 | |
Redhat Enterprise Linux Server Aus | =8.4 | |
Redhat Enterprise Linux Server Aus | =8.6 | |
Redhat Enterprise Linux Server Tus | =8.2 | |
Redhat Enterprise Linux Server Tus | =8.4 | |
Redhat Enterprise Linux Server Tus | =8.6 | |
redhat/poppler | <0.79 | 0.79 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2019-9959.
CVE-2019-9959 has a severity rating of 6.5 (medium).
The vulnerability in Poppler occurs due to the JPXStream::init function not checking for negative values of stream length.
The CVE-2019-9959 vulnerability allows an attacker to allocate a large memory chunk on the heap, leading to an integer overflow.
Yes, a fix is available for CVE-2019-9959 in version 0.79 of Poppler.