CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 1CVE-2019-12293 – poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc
https://notcve.org/view.php?id=CVE-2019-12293
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. En Poppler hasta la versión 0.76.1, existe una lectura en exceso del búfer por saturación en JPXStream :: init en JPEG2000Stream.cc por medio de datos con alturas o anchos inconsistentes. • http://www.securityfocus.com/bid/108457 https://access.redhat.com/errata/RHSA-2019:2713 https://gitlab.freedesktop.org/poppler/poppler/issues/768 https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJ • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 2CVE-2019-11026
https://notcve.org/view.php?id=CVE-2019-11026
FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc. FontInfoScanner::scanFonts en FontInfo.cc en Poppler 0.75.0 tiene una recursión infinita, que lleva a una llamada a la función de error en Error.cc. • https://gitlab.freedesktop.org/poppler/poppler/issues/752 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5JWQE2WP4W4F2FEYPYJQBPQIOG75MVH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE https://research.loginsoft.com/bugs/1508 • CWE-674: Uncontrolled Recursion •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-10873
https://notcve.org/view.php?id=CVE-2019-10873
An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc. Se ha descubierto un problema en Poppler 0.74.0. Hay un problema de desreferencia de puntero NULL en la función SplashClip::clipAALine en splash/SplashClip.cc. • http://www.securityfocus.com/bid/107862 https://gitlab.freedesktop.org/poppler/poppler/issues/748 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR https://usn.ubuntu.com/4042-1 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2019-10872
https://notcve.org/view.php?id=CVE-2019-10872
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. Se ha descubierto un problema en Poppler 0.74.0. Hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función Splash::blitTransparent en splash/Splash.cc. • http://www.securityfocus.com/bid/107862 https://gitlab.freedesktop.org/poppler/poppler/issues/750 https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB https://usn.ubuntu.com/4042-1 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-10871 – poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc
https://notcve.org/view.php?id=CVE-2019-10871
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. Se ha descubierto un problema en Poppler 0.74.0. Hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función PSOutputDev::checkPageSlice en PSOutputDev.cc. • http://www.securityfocus.com/bid/107862 https://access.redhat.com/errata/RHSA-2019:2713 https://gitlab.freedesktop.org/poppler/poppler/issues/751 https://lists.debian.org/debian-lts-announce/2019/10/msg00024.html https://lists.debian.org/debian-lts-announce/2019/10/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJ • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •