CVE-2019-7310

Severity: 7.8 HIGH
EPSS: 0.3% (top 46.70%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline:
Published: Feb 3
Latest update: May 4

Description

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (6 packages)

Debian: poppler < 0.71.0-4+3
Ubuntu: poppler < 0.24.5-2ubuntu4.16+2

Also affects: Debian Linux 8.0, 9.0, Fedora 28, Ubuntu Linux 14.04, 16.04, 18.04, 18.10, Enterprise Linux 8.0, 8.1, 8.2, 8.4

🔴 Vulnerability Details (4)

GHSA
GHSA-97f8-cr7q-jg2w: In Poppler 0 (2022-05-04)
OSV
poppler vulnerabilities (2019-02-11)
CVEList
CVE-2019-7310: In Poppler 0 (2019-02-03)
OSV
CVE-2019-7310: In Poppler 0 (2019-02-03)

📋 Vendor Advisories (3)

Ubuntu
poppler vulnerabilities (2019-02-11)
Red Hat
poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (2019-02-01)
Debian
CVE-2019-7310: poppler - In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness e... (2019)

💬 Community (3)

Bugzilla
CVE-2019-7310 poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc [fedora-all] (2019-02-04)
Bugzilla
CVE-2019-7310 poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (2019-02-04)
Bugzilla
CVE-2019-7310 mingw-poppler: poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc [fedora-all] (2019-02-04)