CVE-2019-9200

CWE-787 — Out-of-bounds Write CWE-122 — Heap-based Buffer Overflow10 documents8 sources

Severity

8.8HIGH

EPSS

5.3%

top 9.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical Ubuntu Linux Debian Debian Linux Freedesktop Poppler

Timeline

PublishedFeb 26

Latest updateMay 13

Description

A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶Debianpoppler< 0.71.0-4+3

▶NVDfreedesktop/poppler0.74.0

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10

🔴Vulnerability Details

GHSA

GHSA-g25g-gjmh-hgmj: A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream↗2022-05-13

▶

CVEList

CVE-2019-9200: A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream↗2019-02-26

▶

OSV

CVE-2019-9200: A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream↗2019-02-26

▶

📋Vendor Advisories

Ubuntu

poppler vulnerabilities↗2019-06-27

▶

Ubuntu

poppler vulnerability↗2019-03-11

▶

Red Hat

poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc↗2019-02-25

▶

Debian

CVE-2019-9200: poppler - A heap-based buffer underwrite exists in ImageStream::getLine() located at Strea...↗2019

▶

💬Community

Bugzilla

CVE-2019-9200 poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc [fedora-all]↗2019-02-27

▶

Bugzilla

CVE-2019-9200 poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc↗2019-02-27

▶