PT-2019-19696 · Poppler+2

Published: 2019-03-01 · Updated: 2023-11-27 · CVE-2019-9545

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Poppler version 0.74.0

Description

An issue in the JBIG2Stream::readTextRegion() function, located in JBIG2Stream.cc, can be triggered by sending a crafted PDF file. This allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have other unspecified impacts. The issue is related to the JBIG2Bitmap::clearToZero function.

Recommendations

For Poppler version 0.74.0, consider avoiding the use of the pdfimages binary with untrusted PDF files until a patch is available. As a temporary workaround, restrict access to the JBIG2Stream::readTextRegion() function to minimize the risk of exploitation.

Exploit · Fix · DoS · Uncontrolled Recursion

Weakness Enumeration

Related Identifiers

CVE-2019-9545
ECHO-85AE-1B9C-0BB1
OPENSUSE-SU-2023_4270-1
OPENSUSE-SU-2023_4562-1
SUSE-SU-2023:4270-1
SUSE-SU-2023:4362-1
SUSE-SU-2023:4546-1
SUSE-SU-2023:4562-1
SUSE-SU-2023_4562-1

Affected Products

Debian
Poppler
Suse