Описание
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 0.62.0-2ubuntu2.7 |
| cosmic | released | 0.68.0-0ubuntu1.5 |
| devel | released | 0.71.0-2ubuntu4 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [0.24.5-2ubuntu4.16]] |
| esm-infra/bionic | not-affected | 0.62.0-2ubuntu2.7 |
| esm-infra/xenial | not-affected | 0.41.0-0ubuntu1.12 |
| precise/esm | DNE | |
| trusty | released | 0.24.5-2ubuntu4.16 |
| trusty/esm | DNE | trusty was released [0.24.5-2ubuntu4.16] |
| upstream | needs-triage |
Показывать по
EPSS
6.8 Medium
CVSS2
7.8 High
CVSS3
Связанные уязвимости
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer si ...
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.
Уязвимость функции XRef::getEntry библиотеки для отображения PDF-файлов Poppler, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании
EPSS
6.8 Medium
CVSS2
7.8 High
CVSS3