Heap-Based Buffer Over-Read in Poppler by Freedesktop
CVE-2019-10871

6.5MEDIUM

Key Information:

Vendor

Freedesktop

Status
Poppler
Vendor
CVE Published:
5 April 2019

What is CVE-2019-10871?

A security issue has been identified in Poppler version 0.74.0, which includes a heap-based buffer over-read in the PSOutputDev::checkPageSlice function. This vulnerability potentially allows attackers to access data beyond allocated memory boundaries, which could lead to information leaks or crashes. Users are advised to review the relevant security advisories and consider updating their Poppler installation to mitigate any associated risks.

References

https://gitlab.freedesktop.org/poppler/poppler/issues/751
x_refsource_MISC
http://www.securityfocus.com/bid/107862
vdb-entryx_refsource_BID
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.