Heap-Based Buffer Over-Read in Poppler Affects Multiple Linux Distributions
CVE-2019-9631

9.8CRITICAL

Key Information:

Vendor

Freedesktop

Status
Poppler
Vendor
CVE Published:
8 March 2019
đź”” Create Freedesktop Vulnerability Alert

What is CVE-2019-9631?

Poppler version 0.74.0 contains a vulnerability that leads to a heap-based buffer over-read within the downsample_row_box_filter function of CairoRescaleBox.cc. This type of flaw can allow attackers to read memory beyond the intended buffer, potentially exposing sensitive data or causing abnormal application behaviors. Various Linux distributions, including Fedora, Debian, and Ubuntu, have been affected, leading to important security advisories and updates to mitigate risks associated with this vulnerability.

References

https://gitlab.freedesktop.org/poppler/poppler/issues/736
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.