Closed
Open
Created Jul 29, 2019 by Emily@emily🤖

user/poppler: multiple vulnerabilities

Bugzilla ID: 128
Alias(es): CVE-2019-10871, CVE-2019-14494, CVE-2019-9543, CVE-2019-9545, CVE-2019-9959
Reporter: Max Rees (sroracle)
Assignee: Max Rees (sroracle)
Reported: 2019-07-29 04:21:38 -0500
Modified: 2020-06-22 06:08:42 -0500
Status: CONFIRMED
Version: 1.0-BETA3
Hardware: Adélie Linux / All
Importance: --- / minor
Package(s): user/poppler

Description

CVE-2019-9543: https://nvd.nist.gov/vuln/detail/CVE-2019-9543

An issue was discovered in Poppler 0.74.0. A recursive function call,
in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be
triggered by sending a crafted pdf file to (for example) the
pdfseparate binary. It allows an attacker to cause Denial of Service
(Segmentation fault) or possibly have unspecified other impact. This
is related to JArithmeticDecoder::decodeBit.

Wait on upstream: https://gitlab.freedesktop.org/poppler/poppler/issues/730

CVE-2019-9545: https://nvd.nist.gov/vuln/detail/CVE-2019-9545

An issue was discovered in Poppler 0.74.0. A recursive function call,
in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be
triggered by sending a crafted pdf file to (for example) the pdfimages
binary. It allows an attacker to cause Denial of Service (Segmentation
fault) or possibly have unspecified other impact. This is related to
JBIG2Bitmap::clearToZero.

Wait on upstream: https://gitlab.freedesktop.org/poppler/poppler/issues/731

CVE-2019-10871: https://nvd.nist.gov/vuln/detail/CVE-2019-10871

An issue was discovered in Poppler 0.74.0. There is a heap-based
buffer over-read in the function PSOutputDev::checkPageSlice at
PSOutputDev.cc.

Wait on upstream: https://gitlab.freedesktop.org/poppler/poppler/issues/751
