CVE-2019-9545

CWE-674Uncontrolled RecursionCWE-8358 documents7 sources
Severity
8.8HIGH
EPSS
0.3%
top 43.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Freedesktop Poppler
Timeline
PublishedMar 1
Latest updateMay 13

Description

An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-qhp4-37x2-x9w9: An issue was discovered in Poppler 02022-05-13
CVEList
CVE-2019-9545: An issue was discovered in Poppler 02019-03-01
OSV
CVE-2019-9545: An issue was discovered in Poppler 02019-03-01

📋Vendor Advisories

2
Red Hat
poppler: recursive function call in JBIG2Stream::readTextRegion() in JBIG2Stream.cc causing denial of service2019-02-28
Debian
CVE-2019-9545: poppler - An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2St...2019

💬Community

2
Bugzilla
CVE-2019-9545 poppler: recursive function call in JBIG2Stream::readTextRegion() in JBIG2Stream.cc causing denial of service2019-03-06
Bugzilla
CVE-2019-9545 poppler: recursive function call in JBIG2Stream::readTextRegion() in JBIG2Stream.cc causing denial of service [fedora-all]2019-03-06
CVE-2019-9545 (HIGH CVSS 8.8) | An issue was discovered in Poppler | cvebase.io