
CVE-2019-7310

Published: 03 Feb 2019
Source: debian
EPSS: Low

Description

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.

Packages

Package | Status | Fixed version | Release | Type
poppler | fixed | 0.71.0-4 | | package

Notes

  • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797

  • https://gitlab.freedesktop.org/poppler/poppler/issues/717

  • https://gitlab.freedesktop.org/poppler/poppler/merge_requests/172

  • https://gitlab.freedesktop.org/poppler/poppler/commit/b54e1fc3e0d2600621a28d50f9f085b9e38619c2

EPSS

Percentile: 50%
0.00267
Low

Related vulnerabilities

CVSS3: 7.8
ubuntu
more than 6 years ago

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.

CVSS3: 5.3
redhat
more than 6 years ago

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.

CVSS3: 7.8
nvd
more than 6 years ago

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.

CVSS3: 7.8
github
about 3 years ago

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.

fstec
more than 6 years ago

A vulnerability in the XRef::getEntry function of the Poppler PDF rendering library, related to reading outside the permitted bounds of a data buffer, allowing an attacker to gain access to confidential information or cause a denial of service
