Heap-Based Buffer Over-Read in Poppler JPEG2000 Processing
CVE-2019-12293

8.8 HIGH

Key Information:

CVE Published: 23 May 2019

What is CVE-2019-12293?

Poppler, a widely used PDF rendering library, is susceptible to a heap-based buffer over-read vulnerability in its JPEG2000 stream processing. This issue arises when JPXStream::init processes data with inconsistent height or width parameters. Exploiting this vulnerability could potentially lead to information disclosure or unexpected behavior, impacting the integrity of the software and its capability to handle JPEG2000 formatted content properly. Users of Poppler versions up to and including 0.76.1 are advised to apply the necessary security updates to mitigate the risk associated with this vulnerability.
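
The kind of check that rules out this class of over-read, as an added example that is not Poppler's code: every type and function name here is hypothetical, and it assumes the defect pattern is a read loop whose bound comes from one component's dimensions while it indexes another component's smaller buffer.

```c
/* Added illustration. Types and names are hypothetical, not Poppler's. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct comp  { uint32_t w, h; const int *data; };  /* data holds w*h samples */
struct image { uint32_t ncomps; const struct comp *comps; };

/* Return 1 only if every component has a buffer and the same non-zero
 * width and height as component 0, and w*h fits in size_t; else 0. */
int dims_consistent(const struct image *img)
{
    if (!img || !img->comps || img->ncomps == 0) return 0;
    uint32_t w = img->comps[0].w, h = img->comps[0].h;
    if (w == 0 || h == 0 || (size_t)w > SIZE_MAX / h) return 0;
    for (uint32_t i = 0; i < img->ncomps; i++) {
        const struct comp *c = &img->comps[i];
        if (!c->data || c->w != w || c->h != h) return 0;
    }
    return 1;
}

/* Sum every sample of every component. The loop bound comes from
 * component 0 (assumed defect pattern), so it is only safe after the
 * consistency check; on mismatch return -1 without reading any buffer. */
long long sum_samples(const struct image *img)
{
    if (!dims_consistent(img)) return -1;
    size_t n = (size_t)img->comps[0].w * img->comps[0].h;
    long long total = 0;
    for (uint32_t i = 0; i < img->ncomps; i++)
        for (size_t p = 0; p < n; p++)
            total += img->comps[i].data[p];
    return total;
}

/* Constructed samples: two 4x4 components, then a 4x4 paired with a 2x2. */
static const int full16[16] = {1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1};
static const int small4[4]  = {1,1,1,1};
static const struct comp ok_comps[2]  = {{4, 4, full16}, {4, 4, full16}};
static const struct comp bad_comps[2] = {{4, 4, full16}, {2, 2, small4}};
const struct image sample_ok  = {2, ok_comps};
const struct image sample_bad = {2, bad_comps};

int main(void)
{
    printf("%lld %lld\n", sum_samples(&sample_ok), sum_samples(&sample_bad));
    return 0;
}
```

Without the consistency check, the second sample would drive 16 reads into a 4-element buffer, which is the heap over-read condition the advisory describes.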


CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
