CVE-2019-7310

CVE-2019-7310

Name

CVE-2019-7310

Description

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://gitlab.freedesktop.org/poppler/poppler/issues/717
Issue Tracking	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797
Third Party Advisory	http://www.securityfocus.com/bid/106829
Third Party Advisory	https://usn.ubuntu.com/3886-1/
Mailing List	https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html
Third Party Advisory	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/
REDHAT	https://access.redhat.com/errata/RHSA-2019:2022
REDHAT	https://access.redhat.com/errata/RHSA-2019:2713
MLIST	https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html

Type

URI

Exploit

https://gitlab.freedesktop.org/poppler/poppler/issues/717

Issue Tracking

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797

Third Party Advisory

http://www.securityfocus.com/bid/106829

Third Party Advisory

https://usn.ubuntu.com/3886-1/

Mailing List

https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html