CVE-2019-9903

Опубликовано: 21 мар. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.

Ссылки

http://www.securityfocus.com/bid/107560
Broken Link
https://access.redhat.com/errata/RHSA-2019:2713
Third Party Advisory
https://gitlab.freedesktop.org/poppler/poppler/issues/741
Exploit
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/
https://research.loginsoft.com/bugs/stack-based-buffer-overflows-in-dictfind-poppler-0-74-0/
Exploit
Third Party Advisory
https://usn.ubuntu.com/4042-1/
Third Party Advisory
http://www.securityfocus.com/bid/107560
Broken Link
https://access.redhat.com/errata/RHSA-2019:2713
Third Party Advisory
https://gitlab.freedesktop.org/poppler/poppler/issues/741
Exploit
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/
https://research.loginsoft.com/bugs/stack-based-buffer-overflows-in-dictfind-poppler-0-74-0/
Exploit
Third Party Advisory
https://usn.ubuntu.com/4042-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:freedesktop:poppler:0.74.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00445

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2019-9903

CVSS3: 6.5

ubuntu

около 6 лет назад

CVE-2019-9903

CVSS3: 3.3

redhat

больше 6 лет назад

CVE-2019-9903

CVSS3: 6.5

debian

около 6 лет назад

PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict mark ...

GHSA-7xgf-6fqh-86mv

CVSS3: 6.5

github

около 3 лет назад

BDU:2022-06890

CVSS3: 6.5

fstec

больше 6 лет назад

Уязвимость функции Dict::find() компонента Dict.cc библиотеки для отображения PDF-файлов Poppler, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 62%

0.00445

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-787