Severity
6.5 MEDIUM
EPSS
0.5%
top 33.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 8
Latest update: May 13

Description

FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

Debian: poppler < 0.85.0-2+3

Also affects: Fedora 28, 29, 30

🔴Vulnerability Details

3
GHSA
GHSA-5vr3-7g3c-x85q: FontInfoScanner::scanFonts in FontInfo (2022-05-13)
CVEList
CVE-2019-11026: FontInfoScanner::scanFonts in FontInfo (2019-04-08)
OSV
CVE-2019-11026: FontInfoScanner::scanFonts in FontInfo (2019-04-08)

📋Vendor Advisories

2
Red Hat
poppler: infinite recursion in function FontInfoScanner::scanFonts in FontInfo.cc (2019-04-09)
Debian
CVE-2019-11026: poppler - FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursi... (2019)

💬Community

2
Bugzilla
CVE-2019-11026 poppler: infinite recursion in function FontInfoScanner::scanFonts in FontInfo.cc (2019-04-15)
Bugzilla
CVE-2019-11026 poppler: infinite recursion in function FontInfoScanner::scanFonts in FontInfo.cc [fedora-all] (2019-04-15)
CVE-2019-11026 (MEDIUM CVSS 6.5) | FontInfoScanner::scanFonts in FontI | cvebase.io