CVSS: 8.8, EPSS: 0%, CPEs: 1, EXPL: 2

An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.

• https://gitlab.freedesktop.org/poppler/poppler/issues/731
• https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadtextregion-poppler-0-74-0
• CWE-674: Uncontrolled Recursion

CVSS: 8.8, EPSS: 0%, CPEs: 1, EXPL: 1

An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit.

• http://www.securityfocus.com/bid/107238
• https://gitlab.freedesktop.org/poppler/poppler/issues/730
• https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0
• CWE-674: Uncontrolled Recursion

CVSS: 8.8, EPSS: 2%, CPEs: 6, EXPL: 2

A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

• http://www.securityfocus.com/bid/107172
• https://access.redhat.com/errata/RHSA-2019:2022
• https://access.redhat.com/errata/RHSA-2019:2713
• https://gitlab.freedesktop.org/poppler/poppler/issues/728
• https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html
• https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS
• https://lists.fedoraproject.org/archives/list/packag
• CWE-122: Heap-based Buffer Overflow
• CWE-787: Out-of-bounds Write