CVE-2019-7310

HIGH

Poppler 0.73.0 - DoS

Title source: llm

Description

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.

References (9)

[Exploit, Third Party Advisory] https://gitlab.freedesktop.org/poppler/poppler/issues/717

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/106829

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html

[Issue Tracking, Permissions Required, Third Party Advisory] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797

[Third Party Advisory] https://usn.ubuntu.com/3886-1/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:2022

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:2713

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html

Scores

CVSS v3 7.8

EPSS 0.0030

EPSS Percentile 53.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-681 CWE-125

Status published

Products (19)

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 18.10

debian/debian_linux 8.0

debian/debian_linux 9.0

fedoraproject/fedora 28

freedesktop/poppler 0.73.0

redhat/enterprise_linux 8.0

redhat/enterprise_linux_desktop 7.0

... and 9 more

Published Feb 03, 2019

Tracked Since Feb 18, 2026