CVE-2019-9200
poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Existe un "infraescritura" de búfer basado en memoria dinámica (heap) en mageStream::getLine() en Stream.cc en la versión 0.74.0 de Poppler que puede, por ejemplo, desencadenarse mediante el envío de un archivo PDF manipulado al binario pdfimages. Permite a un atacante provocar una denegación de servicio (fallo de segmentación) o tener otro impacto no especificado.
Poppler is a Portable Document Format rendering library, used by applications such as Evince or Okular. Issues addressed include buffer overflow and null pointer vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-02-26 CVE Reserved
- 2019-02-26 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/107172 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://gitlab.freedesktop.org/poppler/poppler/issues/728 | 2024-08-04 | |
| https://research.loginsoft.com/bugs/heap-based-buffer-underwrite-in-imagestreamgetline-poppler-0-74-0 | 2024-08-04 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Freedesktop Search vendor "Freedesktop" | Poppler Search vendor "Freedesktop" for product "Poppler" | 0.74.0 Search vendor "Freedesktop" for product "Poppler" and version "0.74.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.10" | - |
Affected
| ||||||