An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/107238 | Third Party Advisory VDB Entry |
https://gitlab.freedesktop.org/poppler/poppler/issues/730 | Exploit Third Party Advisory |
https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/ | Third Party Advisory |
http://www.securityfocus.com/bid/107238 | Third Party Advisory VDB Entry |
https://gitlab.freedesktop.org/poppler/poppler/issues/730 | Exploit Third Party Advisory |
https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/ | Third Party Advisory |
Configurations
History
21 Nov 2024, 04:51
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/107238 - Third Party Advisory, VDB Entry | |
References | () https://gitlab.freedesktop.org/poppler/poppler/issues/730 - Exploit, Third Party Advisory | |
References | () https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/ - Third Party Advisory |
Information
Published : 2019-03-01 19:29
Updated : 2024-11-21 04:51
NVD link : CVE-2019-9543
Mitre link : CVE-2019-9543
CVE.ORG link : CVE-2019-9543
JSON object : View
Products Affected
freedesktop
- poppler
CWE
CWE-674
Uncontrolled Recursion