Fluid Attacks Database

Description

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.14	poppler	=0.10.7-r0 \|\| =0.12.0-r0 \|\| =0.12.0-r1 \|\| =0.12.1-r0 \|\| =0.12.2-r0 \|\| =0.12.3-r0 \|\| =0.12.3-r1 \|\| =0.12.3-r2 \|\| =0.12.4-r0 \|\| =0.12.4-r1 \|\| =0.14.0-r0 \|\| =0.14.0-r1 \|\| =0.14.3-r0 \|\| =0.14.4-r0 \|\| =0.14.5-r0 \|\| =0.16.0-r0 \|\| =0.16.2-r0 \|\| =0.16.3-r0 \|\| =0.16.4-r0 \|\| =0.16.4-r1 \|\| =0.16.5-r0 \|\| =0.16.7-r0 \|\| =0.18.0-r0 \|\| =0.18.1-r0 \|\| =0.18.2-r0 \|\| =0.18.3-r0 \|\| =0.18.4-r0 \|\| =0.20.0-r0 \|\| =0.20.1-r0 \|\| =0.20.2-r0 \|\| =0.20.3-r0 \|\| =0.20.3-r1 \|\| =0.20.5-r0 \|\| =0.22.0-r0 \|\| =0.22.1-r0 \|\| =0.22.1-r1 \|\| =0.24.2-r0 \|\| =0.24.2-r1 \|\| =0.24.2-r2 \|\| =0.24.3-r0 \|\| =0.24.4-r0 \|\| =0.24.5-r0 \|\| =0.26.3-r0 \|\| =0.26.4-r0 \|\| =0.26.5-r0 \|\| =0.28.1-r0 \|\| =0.29.0-r0 \|\| =0.32.0-r0 \|\| =0.33.0-r0 \|\| =0.37.0-r0 \|\| =0.38.0-r0 \|\| =0.39.0-r0 \|\| =0.40.0-r0 \|\| =0.41.0-r0 \|\| =0.43.0-r0 \|\| =0.43.0-r1 \|\| =0.47.0-r0 \|\| =0.47.0-r1 \|\| =0.48.0-r0 \|\| =0.50.0-r0 \|\| =0.52.0-r0 \|\| =0.54.0-r0 \|\| =0.56.0-r0 \|\| =0.56.0-r1 \|\| =0.71.0-r0 \|\| >=0 <0.80.0-r0	0.80.0-r0
alpine v3.15	poppler	=0.10.7-r0 \|\| =0.12.0-r0 \|\| =0.12.0-r1 \|\| =0.12.1-r0 \|\| =0.12.2-r0 \|\| =0.12.3-r0 \|\| =0.12.3-r1 \|\| =0.12.3-r2 \|\| =0.12.4-r0 \|\| =0.12.4-r1 \|\| =0.14.0-r0 \|\| =0.14.0-r1 \|\| =0.14.3-r0 \|\| =0.14.4-r0 \|\| =0.14.5-r0 \|\| =0.16.0-r0 \|\| =0.16.2-r0 \|\| =0.16.3-r0 \|\| =0.16.4-r0 \|\| =0.16.4-r1 \|\| =0.16.5-r0 \|\| =0.16.7-r0 \|\| =0.18.0-r0 \|\| =0.18.1-r0 \|\| =0.18.2-r0 \|\| =0.18.3-r0 \|\| =0.18.4-r0 \|\| =0.20.0-r0 \|\| =0.20.1-r0 \|\| =0.20.2-r0 \|\| =0.20.3-r0 \|\| =0.20.3-r1 \|\| =0.20.5-r0 \|\| =0.22.0-r0 \|\| =0.22.1-r0 \|\| =0.22.1-r1 \|\| =0.24.2-r0 \|\| =0.24.2-r1 \|\| =0.24.2-r2 \|\| =0.24.3-r0 \|\| =0.24.4-r0 \|\| =0.24.5-r0 \|\| =0.26.3-r0 \|\| =0.26.4-r0 \|\| =0.26.5-r0 \|\| =0.28.1-r0 \|\| =0.29.0-r0 \|\| =0.32.0-r0 \|\| =0.33.0-r0 \|\| =0.37.0-r0 \|\| =0.38.0-r0 \|\| =0.39.0-r0 \|\| =0.40.0-r0 \|\| =0.41.0-r0 \|\| =0.43.0-r0 \|\| =0.43.0-r1 \|\| =0.47.0-r0 \|\| =0.47.0-r1 \|\| =0.48.0-r0 \|\| =0.50.0-r0 \|\| =0.52.0-r0 \|\| =0.54.0-r0 \|\| =0.56.0-r0 \|\| =0.56.0-r1 \|\| =0.71.0-r0 \|\| >=0 <0.80.0-r0	0.80.0-r0
alpine v3.17	poppler	=0.10.7-r0 \|\| =0.12.0-r0 \|\| =0.12.0-r1 \|\| =0.12.1-r0 \|\| =0.12.2-r0 \|\| =0.12.3-r0 \|\| =0.12.3-r1 \|\| =0.12.3-r2 \|\| =0.12.4-r0 \|\| =0.12.4-r1 \|\| =0.14.0-r0 \|\| =0.14.0-r1 \|\| =0.14.3-r0 \|\| =0.14.4-r0 \|\| =0.14.5-r0 \|\| =0.16.0-r0 \|\| =0.16.2-r0 \|\| =0.16.3-r0 \|\| =0.16.4-r0 \|\| =0.16.4-r1 \|\| =0.16.5-r0 \|\| =0.16.7-r0 \|\| =0.18.0-r0 \|\| =0.18.1-r0 \|\| =0.18.2-r0 \|\| =0.18.3-r0 \|\| =0.18.4-r0 \|\| =0.20.0-r0 \|\| =0.20.1-r0 \|\| =0.20.2-r0 \|\| =0.20.3-r0 \|\| =0.20.3-r1 \|\| =0.20.5-r0 \|\| =0.22.0-r0 \|\| =0.22.1-r0 \|\| =0.22.1-r1 \|\| =0.24.2-r0 \|\| =0.24.2-r1 \|\| =0.24.2-r2 \|\| =0.24.3-r0 \|\| =0.24.4-r0 \|\| =0.24.5-r0 \|\| =0.26.3-r0 \|\| =0.26.4-r0 \|\| =0.26.5-r0 \|\| =0.28.1-r0 \|\| =0.29.0-r0 \|\| =0.32.0-r0 \|\| =0.33.0-r0 \|\| =0.37.0-r0 \|\| =0.38.0-r0 \|\| =0.39.0-r0 \|\| =0.40.0-r0 \|\| =0.41.0-r0 \|\| =0.43.0-r0 \|\| =0.43.0-r1 \|\| =0.47.0-r0 \|\| =0.47.0-r1 \|\| =0.48.0-r0 \|\| =0.50.0-r0 \|\| =0.52.0-r0 \|\| =0.54.0-r0 \|\| =0.56.0-r0 \|\| =0.56.0-r1 \|\| =0.71.0-r0 \|\| >=0 <0.80.0-r0	0.80.0-r0
alpine v3.9	poppler	=0.10.7-r0 \|\| =0.12.0-r0 \|\| =0.12.0-r1 \|\| =0.12.1-r0 \|\| =0.12.2-r0 \|\| =0.12.3-r0 \|\| =0.12.3-r1 \|\| =0.12.3-r2 \|\| =0.12.4-r0 \|\| =0.12.4-r1 \|\| =0.14.0-r0 \|\| =0.14.0-r1 \|\| =0.14.3-r0 \|\| =0.14.4-r0 \|\| =0.14.5-r0 \|\| =0.16.0-r0 \|\| =0.16.2-r0 \|\| =0.16.3-r0 \|\| =0.16.4-r0 \|\| =0.16.4-r1 \|\| =0.16.5-r0 \|\| =0.16.7-r0 \|\| =0.18.0-r0 \|\| =0.18.1-r0 \|\| =0.18.2-r0 \|\| =0.18.3-r0 \|\| =0.18.4-r0 \|\| =0.20.0-r0 \|\| =0.20.1-r0 \|\| =0.20.2-r0 \|\| =0.20.3-r0 \|\| =0.20.3-r1 \|\| =0.20.5-r0 \|\| =0.22.0-r0 \|\| =0.22.1-r0 \|\| =0.22.1-r1 \|\| =0.24.2-r0 \|\| =0.24.2-r1 \|\| =0.24.2-r2 \|\| =0.24.3-r0 \|\| =0.24.4-r0 \|\| =0.24.5-r0 \|\| =0.26.3-r0 \|\| =0.26.4-r0 \|\| =0.26.5-r0 \|\| =0.28.1-r0 \|\| =0.29.0-r0 \|\| =0.32.0-r0 \|\| =0.33.0-r0 \|\| =0.37.0-r0 \|\| =0.38.0-r0 \|\| =0.39.0-r0 \|\| =0.40.0-r0 \|\| =0.41.0-r0 \|\| =0.43.0-r0 \|\| =0.43.0-r1 \|\| =0.47.0-r0 \|\| =0.47.0-r1 \|\| =0.48.0-r0 \|\| =0.50.0-r0 \|\| =0.52.0-r0 \|\| =0.54.0-r0 \|\| =0.56.0-r0 \|\| =0.56.0-r1 \|\| >=0 <0.56.0-r2	0.56.0-r2
alpine v3.18	poppler	=0.10.7-r0 \|\| =0.12.0-r0 \|\| =0.12.0-r1 \|\| =0.12.1-r0 \|\| =0.12.2-r0 \|\| =0.12.3-r0 \|\| =0.12.3-r1 \|\| =0.12.3-r2 \|\| =0.12.4-r0 \|\| =0.12.4-r1 \|\| =0.14.0-r0 \|\| =0.14.0-r1 \|\| =0.14.3-r0 \|\| =0.14.4-r0 \|\| =0.14.5-r0 \|\| =0.16.0-r0 \|\| =0.16.2-r0 \|\| =0.16.3-r0 \|\| =0.16.4-r0 \|\| =0.16.4-r1 \|\| =0.16.5-r0 \|\| =0.16.7-r0 \|\| =0.18.0-r0 \|\| =0.18.1-r0 \|\| =0.18.2-r0 \|\| =0.18.3-r0 \|\| =0.18.4-r0 \|\| =0.20.0-r0 \|\| =0.20.1-r0 \|\| =0.20.2-r0 \|\| =0.20.3-r0 \|\| =0.20.3-r1 \|\| =0.20.5-r0 \|\| =0.22.0-r0 \|\| =0.22.1-r0 \|\| =0.22.1-r1 \|\| =0.24.2-r0 \|\| =0.24.2-r1 \|\| =0.24.2-r2 \|\| =0.24.3-r0 \|\| =0.24.4-r0 \|\| =0.24.5-r0 \|\| =0.26.3-r0 \|\| =0.26.4-r0 \|\| =0.26.5-r0 \|\| =0.28.1-r0 \|\| =0.29.0-r0 \|\| =0.32.0-r0 \|\| =0.33.0-r0 \|\| =0.37.0-r0 \|\| =0.38.0-r0 \|\| =0.39.0-r0 \|\| =0.40.0-r0 \|\| =0.41.0-r0 \|\| =0.43.0-r0 \|\| =0.43.0-r1 \|\| =0.47.0-r0 \|\| =0.47.0-r1 \|\| =0.48.0-r0 \|\| =0.50.0-r0 \|\| =0.52.0-r0 \|\| =0.54.0-r0 \|\| =0.56.0-r0 \|\| =0.56.0-r1 \|\| =0.71.0-r0 \|\| >=0 <0.80.0-r0	0.80.0-r0
alpine v3.20	poppler	=0.10.7-r0 \|\| =0.12.0-r0 \|\| =0.12.0-r1 \|\| =0.12.1-r0 \|\| =0.12.2-r0 \|\| =0.12.3-r0 \|\| =0.12.3-r1 \|\| =0.12.3-r2 \|\| =0.12.4-r0 \|\| =0.12.4-r1 \|\| =0.14.0-r0 \|\| =0.14.0-r1 \|\| =0.14.3-r0 \|\| =0.14.4-r0 \|\| =0.14.5-r0 \|\| =0.16.0-r0 \|\| =0.16.2-r0 \|\| =0.16.3-r0 \|\| =0.16.4-r0 \|\| =0.16.4-r1 \|\| =0.16.5-r0 \|\| =0.16.7-r0 \|\| =0.18.0-r0 \|\| =0.18.1-r0 \|\| =0.18.2-r0 \|\| =0.18.3-r0 \|\| =0.18.4-r0 \|\| =0.20.0-r0 \|\| =0.20.1-r0 \|\| =0.20.2-r0 \|\| =0.20.3-r0 \|\| =0.20.3-r1 \|\| =0.20.5-r0 \|\| =0.22.0-r0 \|\| =0.22.1-r0 \|\| =0.22.1-r1 \|\| =0.24.2-r0 \|\| =0.24.2-r1 \|\| =0.24.2-r2 \|\| =0.24.3-r0 \|\| =0.24.4-r0 \|\| =0.24.5-r0 \|\| =0.26.3-r0 \|\| =0.26.4-r0 \|\| =0.26.5-r0 \|\| =0.28.1-r0 \|\| =0.29.0-r0 \|\| =0.32.0-r0 \|\| =0.33.0-r0 \|\| =0.37.0-r0 \|\| =0.38.0-r0 \|\| =0.39.0-r0 \|\| =0.40.0-r0 \|\| =0.41.0-r0 \|\| =0.43.0-r0 \|\| =0.43.0-r1 \|\| =0.47.0-r0 \|\| =0.47.0-r1 \|\| =0.48.0-r0 \|\| =0.50.0-r0 \|\| =0.52.0-r0 \|\| =0.54.0-r0 \|\| =0.56.0-r0 \|\| =0.56.0-r1 \|\| =0.71.0-r0 \|\| >=0 <0.80.0-r0	0.80.0-r0
alpine v3.7	poppler	=0.10.7-r0 \|\| =0.12.0-r0 \|\| =0.12.0-r1 \|\| =0.12.1-r0 \|\| =0.12.2-r0 \|\| =0.12.3-r0 \|\| =0.12.3-r1 \|\| =0.12.3-r2 \|\| =0.12.4-r0 \|\| =0.12.4-r1 \|\| =0.14.0-r0 \|\| =0.14.0-r1 \|\| =0.14.3-r0 \|\| =0.14.4-r0 \|\| =0.14.5-r0 \|\| =0.16.0-r0 \|\| =0.16.2-r0 \|\| =0.16.3-r0 \|\| =0.16.4-r0 \|\| =0.16.4-r1 \|\| =0.16.5-r0 \|\| =0.16.7-r0 \|\| =0.18.0-r0 \|\| =0.18.1-r0 \|\| =0.18.2-r0 \|\| =0.18.3-r0 \|\| =0.18.4-r0 \|\| =0.20.0-r0 \|\| =0.20.1-r0 \|\| =0.20.2-r0 \|\| =0.20.3-r0 \|\| =0.20.3-r1 \|\| =0.20.5-r0 \|\| =0.22.0-r0 \|\| =0.22.1-r0 \|\| =0.22.1-r1 \|\| =0.24.2-r0 \|\| =0.24.2-r1 \|\| =0.24.2-r2 \|\| =0.24.3-r0 \|\| =0.24.4-r0 \|\| =0.24.5-r0 \|\| =0.26.3-r0 \|\| =0.26.4-r0 \|\| =0.26.5-r0 \|\| =0.28.1-r0 \|\| =0.29.0-r0 \|\| =0.32.0-r0 \|\| =0.33.0-r0 \|\| =0.37.0-r0 \|\| =0.38.0-r0 \|\| =0.39.0-r0 \|\| =0.40.0-r0 \|\| =0.41.0-r0 \|\| =0.43.0-r0 \|\| =0.43.0-r1 \|\| =0.47.0-r0 \|\| =0.47.0-r1 \|\| =0.48.0-r0 \|\| =0.50.0-r0 \|\| =0.52.0-r0 \|\| =0.54.0-r0 \|\| =0.56.0-r0 \|\| >=0 <0.56.0-r1	0.56.0-r1
alpine v3.13	poppler	=0.10.7-r0 \|\| =0.12.0-r0 \|\| =0.12.0-r1 \|\| =0.12.1-r0 \|\| =0.12.2-r0 \|\| =0.12.3-r0 \|\| =0.12.3-r1 \|\| =0.12.3-r2 \|\| =0.12.4-r0 \|\| =0.12.4-r1 \|\| =0.14.0-r0 \|\| =0.14.0-r1 \|\| =0.14.3-r0 \|\| =0.14.4-r0 \|\| =0.14.5-r0 \|\| =0.16.0-r0 \|\| =0.16.2-r0 \|\| =0.16.3-r0 \|\| =0.16.4-r0 \|\| =0.16.4-r1 \|\| =0.16.5-r0 \|\| =0.16.7-r0 \|\| =0.18.0-r0 \|\| =0.18.1-r0 \|\| =0.18.2-r0 \|\| =0.18.3-r0 \|\| =0.18.4-r0 \|\| =0.20.0-r0 \|\| =0.20.1-r0 \|\| =0.20.2-r0 \|\| =0.20.3-r0 \|\| =0.20.3-r1 \|\| =0.20.5-r0 \|\| =0.22.0-r0 \|\| =0.22.1-r0 \|\| =0.22.1-r1 \|\| =0.24.2-r0 \|\| =0.24.2-r1 \|\| =0.24.2-r2 \|\| =0.24.3-r0 \|\| =0.24.4-r0 \|\| =0.24.5-r0 \|\| =0.26.3-r0 \|\| =0.26.4-r0 \|\| =0.26.5-r0 \|\| =0.28.1-r0 \|\| =0.29.0-r0 \|\| =0.32.0-r0 \|\| =0.33.0-r0 \|\| =0.37.0-r0 \|\| =0.38.0-r0 \|\| =0.39.0-r0 \|\| =0.40.0-r0 \|\| =0.41.0-r0 \|\| =0.43.0-r0 \|\| =0.43.0-r1 \|\| =0.47.0-r0 \|\| =0.47.0-r1 \|\| =0.48.0-r0 \|\| =0.50.0-r0 \|\| =0.52.0-r0 \|\| =0.54.0-r0 \|\| =0.56.0-r0 \|\| =0.56.0-r1 \|\| =0.71.0-r0 \|\| >=0 <0.80.0-r0	0.80.0-r0
alpine v3.11	poppler	=0.10.7-r0 \|\| =0.12.0-r0 \|\| =0.12.0-r1 \|\| =0.12.1-r0 \|\| =0.12.2-r0 \|\| =0.12.3-r0 \|\| =0.12.3-r1 \|\| =0.12.3-r2 \|\| =0.12.4-r0 \|\| =0.12.4-r1 \|\| =0.14.0-r0 \|\| =0.14.0-r1 \|\| =0.14.3-r0 \|\| =0.14.4-r0 \|\| =0.14.5-r0 \|\| =0.16.0-r0 \|\| =0.16.2-r0 \|\| =0.16.3-r0 \|\| =0.16.4-r0 \|\| =0.16.4-r1 \|\| =0.16.5-r0 \|\| =0.16.7-r0 \|\| =0.18.0-r0 \|\| =0.18.1-r0 \|\| =0.18.2-r0 \|\| =0.18.3-r0 \|\| =0.18.4-r0 \|\| =0.20.0-r0 \|\| =0.20.1-r0 \|\| =0.20.2-r0 \|\| =0.20.3-r0 \|\| =0.20.3-r1 \|\| =0.20.5-r0 \|\| =0.22.0-r0 \|\| =0.22.1-r0 \|\| =0.22.1-r1 \|\| =0.24.2-r0 \|\| =0.24.2-r1 \|\| =0.24.2-r2 \|\| =0.24.3-r0 \|\| =0.24.4-r0 \|\| =0.24.5-r0 \|\| =0.26.3-r0 \|\| =0.26.4-r0 \|\| =0.26.5-r0 \|\| =0.28.1-r0 \|\| =0.29.0-r0 \|\| =0.32.0-r0 \|\| =0.33.0-r0 \|\| =0.37.0-r0 \|\| =0.38.0-r0 \|\| =0.39.0-r0 \|\| =0.40.0-r0 \|\| =0.41.0-r0 \|\| =0.43.0-r0 \|\| =0.43.0-r1 \|\| =0.47.0-r0 \|\| =0.47.0-r1 \|\| =0.48.0-r0 \|\| =0.50.0-r0 \|\| =0.52.0-r0 \|\| =0.54.0-r0 \|\| =0.56.0-r0 \|\| =0.56.0-r1 \|\| =0.71.0-r0 \|\| >=0 <0.80.0-r0	0.80.0-r0
alpine v3.8	poppler	=0.10.7-r0 \|\| =0.12.0-r0 \|\| =0.12.0-r1 \|\| =0.12.1-r0 \|\| =0.12.2-r0 \|\| =0.12.3-r0 \|\| =0.12.3-r1 \|\| =0.12.3-r2 \|\| =0.12.4-r0 \|\| =0.12.4-r1 \|\| =0.14.0-r0 \|\| =0.14.0-r1 \|\| =0.14.3-r0 \|\| =0.14.4-r0 \|\| =0.14.5-r0 \|\| =0.16.0-r0 \|\| =0.16.2-r0 \|\| =0.16.3-r0 \|\| =0.16.4-r0 \|\| =0.16.4-r1 \|\| =0.16.5-r0 \|\| =0.16.7-r0 \|\| =0.18.0-r0 \|\| =0.18.1-r0 \|\| =0.18.2-r0 \|\| =0.18.3-r0 \|\| =0.18.4-r0 \|\| =0.20.0-r0 \|\| =0.20.1-r0 \|\| =0.20.2-r0 \|\| =0.20.3-r0 \|\| =0.20.3-r1 \|\| =0.20.5-r0 \|\| =0.22.0-r0 \|\| =0.22.1-r0 \|\| =0.22.1-r1 \|\| =0.24.2-r0 \|\| =0.24.2-r1 \|\| =0.24.2-r2 \|\| =0.24.3-r0 \|\| =0.24.4-r0 \|\| =0.24.5-r0 \|\| =0.26.3-r0 \|\| =0.26.4-r0 \|\| =0.26.5-r0 \|\| =0.28.1-r0 \|\| =0.29.0-r0 \|\| =0.32.0-r0 \|\| =0.33.0-r0 \|\| =0.37.0-r0 \|\| =0.38.0-r0 \|\| =0.39.0-r0 \|\| =0.40.0-r0 \|\| =0.41.0-r0 \|\| =0.43.0-r0 \|\| =0.43.0-r1 \|\| =0.47.0-r0 \|\| =0.47.0-r1 \|\| =0.48.0-r0 \|\| =0.50.0-r0 \|\| =0.52.0-r0 \|\| =0.54.0-r0 \|\| =0.56.0-r0 \|\| =0.56.0-r1 \|\| >=0 <0.56.0-r2	0.56.0-r2

1-10 of 26

Aliases

1. CVE-2019-99592. NVD-2019-99593. OSV-ALPINE-2019-99594. OSV-2019-99595. OSV-DEBIAN-2019-99596. SECURITY-CVE-2019-99597. SECURITY-TRACKER-CVE-2019-9959

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.