Fluid Attacks Database

Description

An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 11	poppler	=20.09.0-3.1 \|\| =20.09.0-3.1+deb11u1 \|\| =20.09.0-3.1+deb11u2 \|\| =21.02.0-1 \|\| =21.06.0-1 \|\| =21.06.1-1 \|\| =21.11.0-1 \|\| =22.02.0-1 \|\| =22.02.0-2 \|\| =22.02.0-3 \|\| =22.06.0-1 \|\| =22.08.0-1 \|\| =22.08.0-2 \|\| =22.08.0-2.1 \|\| =22.11.0-1 \|\| =22.12.0-1 \|\| =22.12.0-2 \|\| =22.12.0-2.1 \|\| =22.12.0-2.2 \|\| =23.08.0-1 \|\| =23.08.0-2 \|\| =23.12.0-1 \|\| =24.02.0-1 \|\| =24.02.0-2 \|\| =24.02.0-3 \|\| =24.02.0-4 \|\| =24.02.0-5 \|\| =24.02.0-5+loong64 \|\| =24.06.0-1 \|\| =24.06.0-2 \|\| =24.08.0-1 \|\| =24.08.0-2 \|\| =24.08.0-3 \|\| =24.08.0-4 \|\| =25.01.0-1 \|\| =25.01.0-2 \|\| =25.01.0-3 \|\| =25.01.0-4 \|\| =25.01.0-5 \|\| =25.03.0-1 \|\| =25.03.0-10 \|\| =25.03.0-11 \|\| =25.03.0-11.1 \|\| =25.03.0-2 \|\| =25.03.0-3 \|\| =25.03.0-4 \|\| =25.03.0-5 \|\| =25.03.0-6 \|\| =25.03.0-7 \|\| =25.03.0-9 \|\| =26.01.0-1 \|\| =26.01.0-2
debian 12	poppler	=22.12.0-2 \|\| =22.12.0-2+deb12u1 \|\| =22.12.0-2.1 \|\| =22.12.0-2.2 \|\| =23.08.0-1 \|\| =23.08.0-2 \|\| =23.12.0-1 \|\| =24.02.0-1 \|\| =24.02.0-2 \|\| =24.02.0-3 \|\| =24.02.0-4 \|\| =24.02.0-5 \|\| =24.02.0-5+loong64 \|\| =24.06.0-1 \|\| =24.06.0-2 \|\| =24.08.0-1 \|\| =24.08.0-2 \|\| =24.08.0-3 \|\| =24.08.0-4 \|\| =25.01.0-1 \|\| =25.01.0-2 \|\| =25.01.0-3 \|\| =25.01.0-4 \|\| =25.01.0-5 \|\| =25.03.0-1 \|\| =25.03.0-10 \|\| =25.03.0-11 \|\| =25.03.0-11.1 \|\| =25.03.0-2 \|\| =25.03.0-3 \|\| =25.03.0-4 \|\| =25.03.0-5 \|\| =25.03.0-6 \|\| =25.03.0-7 \|\| =25.03.0-9 \|\| =26.01.0-1 \|\| =26.01.0-2
debian 13	poppler	=25.03.0-10 \|\| =25.03.0-11 \|\| =25.03.0-11.1 \|\| =25.03.0-5 \|\| =25.03.0-5+deb13u2 \|\| =25.03.0-6 \|\| =25.03.0-7 \|\| =25.03.0-9 \|\| =26.01.0-1 \|\| =26.01.0-2
debian 14	poppler	=25.03.0-10 \|\| =25.03.0-11 \|\| =25.03.0-11.1 \|\| =25.03.0-5 \|\| =25.03.0-6 \|\| =25.03.0-7 \|\| =25.03.0-9 \|\| =26.01.0-1 \|\| =26.01.0-2

Aliases

1. CVE-2019-95452. NVD-2019-95453. OSV-DEBIAN-2019-95454. OSV-2019-95455. SECURITY-TRACKER-CVE-2019-9545

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.