CVE-2019-7310
published 2019-02-03CVE-2019-7310: In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | poppler | < poppler 0.71.0-4 (bookworm) | poppler 0.71.0-4 (bookworm) |
| fedoraproject | fedora | — | — |
| freedesktop | poppler | — | — |
| freedesktop | poppler | >= 0 < 0.71.0-4 | 0.71.0-4 |
| freedesktop | poppler | >= 0 < 0.71.0-4 | 0.71.0-4 |
| freedesktop | poppler | >= 0 < 0.71.0-4 | 0.71.0-4 |
| freedesktop | poppler | >= 0 < 0.71.0-4 | 0.71.0-4 |
| freedesktop | poppler | >= 0 < 0.24.5-2ubuntu4.16 | 0.24.5-2ubuntu4.16 |
| freedesktop | poppler | >= 0 < 0.41.0-0ubuntu1.12 | 0.41.0-0ubuntu1.12 |
| freedesktop | poppler | >= 0 < 0.62.0-2ubuntu2.7 | 0.62.0-2ubuntu2.7 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH