CVE-2019-9903

CWE-787Out-of-bounds WriteCWE-400Uncontrolled Resource Consumption9 documents8 sources
Severity
6.5MEDIUM
EPSS
0.7%
top 27.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Canonical Ubuntu LinuxDebian Debian LinuxFedoraproject Fedora+5 more
Timeline
PublishedMar 21
Latest updateMay 13

Description

PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

Debianpoppler< 0.85.0-2+3

Also affects: Debian Linux 10.0, Fedora 28, 29, 30, Ubuntu Linux 16.04, 18.04, 18.10, 19.04, Enterprise Linux 8.0, 8.1, 8.2, 8.4, 8.6

🔴Vulnerability Details

3
GHSA
GHSA-7xgf-6fqh-86mv: PDFDoc::markObject in PDFDoc2022-05-13
CVEList
CVE-2019-9903: PDFDoc::markObject in PDFDoc2019-03-21
OSV
CVE-2019-9903: PDFDoc::markObject in PDFDoc2019-03-21

📋Vendor Advisories

3
Ubuntu
poppler vulnerabilities2019-06-27
Red Hat
poppler: stack consumption in function Dict::find() in Dict.cc2019-03-15
Debian
CVE-2019-9903: poppler - PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leadi...2019

💬Community

2
Bugzilla
CVE-2019-9903 poppler: stack consumption in function Dict::find() in Dict.cc2019-03-22
Bugzilla
CVE-2019-9903 poppler: stack consumption in function Dict::find() in Dict.cc [fedora-all]2019-03-22
CVE-2019-9903 (MEDIUM CVSS 6.5) | PDFDoc::markObject in PDFDoc.cc in | cvebase.io