CVE-2019-11026
https://notcve.org/view.php?id=CVE-2019-11026
FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc. FontInfoScanner::scanFonts en FontInfo.cc en Poppler 0.75.0 tiene una recursión infinita, que lleva a una llamada a la función de error en Error.cc. • https://gitlab.freedesktop.org/poppler/poppler/issues/752 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5JWQE2WP4W4F2FEYPYJQBPQIOG75MVH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE https://research.loginsoft.com/bugs/1508 • CWE-674: Uncontrolled Recursion •
CVE-2019-10873
https://notcve.org/view.php?id=CVE-2019-10873
An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc. Se ha descubierto un problema en Poppler 0.74.0. Hay un problema de desreferencia de puntero NULL en la función SplashClip::clipAALine en splash/SplashClip.cc. • http://www.securityfocus.com/bid/107862 https://gitlab.freedesktop.org/poppler/poppler/issues/748 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR https://usn.ubuntu.com/4042-1 • CWE-476: NULL Pointer Dereference •
CVE-2019-10872
https://notcve.org/view.php?id=CVE-2019-10872
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. Se ha descubierto un problema en Poppler 0.74.0. Hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función Splash::blitTransparent en splash/Splash.cc. • http://www.securityfocus.com/bid/107862 https://gitlab.freedesktop.org/poppler/poppler/issues/750 https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB https://usn.ubuntu.com/4042-1 • CWE-125: Out-of-bounds Read •
CVE-2019-10871 – poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc
https://notcve.org/view.php?id=CVE-2019-10871
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. Se ha descubierto un problema en Poppler 0.74.0. Hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función PSOutputDev::checkPageSlice en PSOutputDev.cc. • http://www.securityfocus.com/bid/107862 https://access.redhat.com/errata/RHSA-2019:2713 https://gitlab.freedesktop.org/poppler/poppler/issues/751 https://lists.debian.org/debian-lts-announce/2019/10/msg00024.html https://lists.debian.org/debian-lts-announce/2019/10/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJ • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVE-2019-9903 – poppler: stack consumption in function Dict::find() in Dict.cc
https://notcve.org/view.php?id=CVE-2019-9903
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. PDFDoc::markObject en PDFDoc.cc en Poppler 0.74.0 gestiona de manera incorrecta el marcado de diccionarios, que conduce al consumo de pila en la función Dict::find() en Dict.cc, que puede (por ejemplo) desencadenarse pasando un archivo pdf manipulado al binario pdfunite. • http://www.securityfocus.com/bid/107560 https://access.redhat.com/errata/RHSA-2019:2713 https://gitlab.freedesktop.org/poppler/poppler/issues/741 https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6 https://lists.fedoraproject.org/archives/list/package-announce%4 • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •