Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-9959

Опубликовано: 22 июл. 2019
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 4.3
CVSS3: 6.5

Описание

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.

РелизСтатусПримечание
bionic

ignored

devel

ignored

disco

ignored

eoan

ignored

esm-apps/bionic

ignored

esm-apps/jammy

ignored

esm-apps/noble

ignored

esm-apps/xenial

ignored

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

Показывать по

РелизСтатусПримечание
bionic

released

0.62.0-2ubuntu2.11
devel

not-affected

disco

ignored

end of life
eoan

ignored

end of life
esm-infra-legacy/trusty

DNE

esm-infra/bionic

released

0.62.0-2ubuntu2.11
esm-infra/focal

not-affected

0.86.1-0ubuntu1
esm-infra/xenial

released

0.41.0-0ubuntu1.15
focal

not-affected

0.86.1-0ubuntu1
groovy

not-affected

Показывать по

Ссылки на источники

EPSS

Процентиль: 80%
0.01488
Низкий

4.3 Medium

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-9959

CVSS3: 6.2
redhat
больше 6 лет назад

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.

nvd логотип

CVE-2019-9959

CVSS3: 6.5
nvd
больше 6 лет назад

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.

debian логотип

CVE-2019-9959

CVSS3: 6.5
debian
больше 6 лет назад

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't che ...

github логотип

GHSA-834c-4748-827j

CVSS3: 6.5
github
больше 3 лет назад

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.

fstec логотип

BDU:2021-03400

CVSS3: 6.5
fstec
больше 6 лет назад

Уязвимость функции JPXStream::init библиотеки для отображения PDF-файлов Poppler, связанная с целочисленным переполнением значения, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 80%
0.01488
Низкий

4.3 Medium

CVSS2

6.5 Medium

CVSS3