Описание
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | poppler | Not affected | ||
| Red Hat Enterprise Linux 6 | poppler | Not affected | ||
| Red Hat Enterprise Linux 7 | evince | Fixed | RHSA-2019:2022 | 06.08.2019 |
| Red Hat Enterprise Linux 7 | okular | Fixed | RHSA-2019:2022 | 06.08.2019 |
| Red Hat Enterprise Linux 7 | poppler | Fixed | RHSA-2019:2022 | 06.08.2019 |
| Red Hat Enterprise Linux 8 | poppler | Fixed | RHSA-2019:2713 | 12.09.2019 |
Показывать по
Дополнительная информация
Статус:
6.3 Medium
CVSS3
Связанные уязвимости
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
A heap-based buffer underwrite exists in ImageStream::getLine() locate ...
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Уязвимость метода ImageStream::getLine из poppler/Stream.cc библиотеки для отображения PDF-файлов Poppler, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
6.3 Medium
CVSS3