Lucene search

K

MitreCVELIST:CVE-2019-9959

HistoryJul 22, 2019 - 2:18 p.m.

CVE-2019-9959

2019-07-2214:18:19

mitre

www.cve.org

1

6.6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.7%

The JPXStream::init function in Poppler 0.78.0 and earlier doesn’t check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.

References

www.securityfocus.com/bid/109342

access.redhat.com/errata/RHSA-2019:2713

gitlab.freedesktop.org/poppler/poppler/blob/master/NEWS

lists.debian.org/debian-lts-announce/2019/10/msg00024.html

lists.debian.org/debian-lts-announce/2020/11/msg00014.html

lists.debian.org/debian-lts-announce/2022/09/msg00030.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ZOYOZTGU4RGZW4E63OZ7LW4SMPEWGBV/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6NX2XPMMV7O52F4NBNCHGILGJXM3OJZ/

6.6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.7%

Related for CVELIST:CVE-2019-9959

nessus26 openvas14 alpinelinux1 veracode1 osv5 fedora2 redhatcve1 nvd1 prion1 cve1 ubuntucve1 debiancve1 cnvd1 mageia1 debian3 amazon2 oraclelinux2 ubuntu1 centos1 redhat2 kitploit1 rosalinux1 suse1