CVE-2019-12293

CWE-125Out-of-bounds ReadCWE-122Heap-based Buffer Overflow9 documents8 sources
Severity
8.8HIGH
EPSS
0.9%
top 23.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Freedesktop Poppler
Timeline
PublishedMay 23
Latest updateMay 24

Description

In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

Debianpoppler< 0.71.0-5+3

🔴Vulnerability Details

3
GHSA
GHSA-vw78-hqhc-j4hj: In Poppler through 02022-05-24
CVEList
CVE-2019-12293: In Poppler through 02019-05-23
OSV
CVE-2019-12293: In Poppler through 02019-05-23

📋Vendor Advisories

3
Ubuntu
poppler vulnerabilities2019-06-27
Red Hat
poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc2019-05-23
Debian
CVE-2019-12293: poppler - In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::...2019

💬Community

2
Bugzilla
CVE-2019-12293 poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc [fedora-all]2019-05-24
Bugzilla
CVE-2019-12293 poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc2019-05-24
CVE-2019-12293 (HIGH CVSS 8.8) | In Poppler through 0.76.1 | cvebase.io