Fluid Attacks Database

Description

A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	poppler	>=0 <0.71.0-4	0.71.0-4
debian 14	poppler	>=0 <0.71.0-4	0.71.0-4
debian 13	poppler	>=0 <0.71.0-4	0.71.0-4
debian 12	poppler	>=0 <0.71.0-4	0.71.0-4
rpm rhel7	okular	<0:4.10.5-7.el7	0:4.10.5-7.el7
rpm rhel8	poppler	<0:0.66.0-11.el8_0.12	0:0.66.0-11.el8_0.12
rpm rhel7	evince	<0:3.28.2-8.el7	0:3.28.2-8.el7
rpm rhel7	poppler	<0:0.26.5-38.el7	0:0.26.5-38.el7

Aliases

1. CVE-2019-92002. NVD-2019-92003. OSV-DEBIAN-2019-92004. OSV-2019-92005. SECURITY-TRACKER-CVE-2019-9200

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.