Skip to main content

Poppler CVE-2019-9543

HIGH
Uncontrolled Recursion (CWE-674)
2019-03-01 cve@mitre.org
8.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 01, 2019 - 19:29 nvd
HIGH 8.8

DescriptionNVD

An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit.

AnalysisAI

An issue was discovered in Poppler 0.74.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-674. An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit. Affected products include: Freedesktop Poppler.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2013-4474 MEDIUM POC
5.0 Nov 23

Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote

CVE-2017-2820 HIGH POC
8.8 Jul 12

An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Pop

CVE-2017-15565 HIGH POC
8.8 Oct 17

In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via

CVE-2019-12293 HIGH POC
8.8 May 23

In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with

CVE-2019-10872 HIGH POC
8.8 Apr 05

An issue was discovered in Poppler 0.74.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, n

CVE-2019-9545 HIGH POC
8.8 Mar 01

An issue was discovered in Poppler 0.74.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, n

CVE-2019-9200 HIGH POC
8.8 Feb 26

A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for exa

CVE-2013-4473 HIGH POC
7.5 Nov 23

Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote

CVE-2017-14518 HIGH POC
7.8 Sep 17

In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a c

CVE-2017-14520 HIGH POC
7.8 Sep 17

In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a poten

CVE-2022-38784 HIGH POC
7.8 Aug 30

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg

CVE-2020-35702 HIGH POC
7.8 Dec 25

DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. Rate

Share

CVE-2019-9543 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy