Denial of Service Vulnerability in Poppler by Freedesktop.org
CVE-2019-9543

8.8HIGH

Key Information:

Vendor

Freedesktop

Status
Poppler
Vendor
CVE Published:
1 March 2019
đź”” Create Freedesktop Vulnerability Alert

What is CVE-2019-9543?

An issue has been identified in Poppler 0.74.0 that involves a recursive function call in JBIG2Stream::readGenericBitmap(). By sending a specially crafted PDF file to the pdfseparate binary, an attacker can trigger this vulnerability, potentially leading to a Denial of Service condition through a segmentation fault. There are also concerns regarding other unspecified impacts that may arise due to this flaw, highlighting the need for prompt security measures.

References

https://research.loginsoft.com/bugs/recursive-function-ca...
x_refsource_MISC
http://www.securityfocus.com/bid/107238
vdb-entryx_refsource_BID
https://gitlab.freedesktop.org/poppler/poppler/issues/730
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.