Vulnerabilities

CVE-2019-9959

by Fred · 22/07/2019

The JPXStream::init function in Poppler 0.78.0 and earlier doesn’t check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.

Date published : 2019-07-22

http://www.securityfocus.com/bid/109342

https://gitlab.freedesktop.org/poppler/poppler/blob/master/NEWS

Similar

Tags: Cybersecurity Alert