CVE-2019-9200

A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

References

Affected packages

Git / gitlab.freedesktop.org/poppler/poppler

Affected ranges

Type

GIT

Repo

https://gitlab.freedesktop.org/poppler/poppler

Events

Introduced

Last affected

c0c89223c1724815e8bae78ebac72bb3a4873a68

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.74.0"
        }
    ]
}

Affected versions

poppler-0.*

poppler-0.10.0

poppler-0.11.0

poppler-0.11.1

poppler-0.11.2

poppler-0.11.3

poppler-0.12.0

poppler-0.13.1

poppler-0.13.2

poppler-0.13.3

poppler-0.13.4

poppler-0.14.0

poppler-0.15.0

poppler-0.15.1

poppler-0.15.2

poppler-0.15.3

poppler-0.16.0

poppler-0.17.0

poppler-0.17.1

poppler-0.17.2

poppler-0.17.3

poppler-0.17.4

poppler-0.18.0

poppler-0.19.0

poppler-0.19.1

poppler-0.19.2

poppler-0.19.3

poppler-0.19.4

poppler-0.2.0

poppler-0.20.0

poppler-0.20.1

poppler-0.20.2

poppler-0.20.3

poppler-0.20.4

poppler-0.20.5

poppler-0.21.0

poppler-0.21.1

poppler-0.21.2

poppler-0.21.3

poppler-0.21.4

poppler-0.22.0

poppler-0.22.1

poppler-0.22.2

poppler-0.22.3

poppler-0.22.4

poppler-0.23.0

poppler-0.23.1

poppler-0.23.2

poppler-0.23.3

poppler-0.23.4

poppler-0.24.0

poppler-0.24.1

poppler-0.24.2

poppler-0.24.3

poppler-0.24.4

poppler-0.24.5

poppler-0.25.0

poppler-0.25.1

poppler-0.25.2

poppler-0.25.3

poppler-0.26.0

poppler-0.26.1

poppler-0.26.2

poppler-0.26.3

poppler-0.26.4

poppler-0.28.0

poppler-0.28.1

poppler-0.29.0

poppler-0.3.0

poppler-0.3.1

poppler-0.3.2

poppler-0.3.3

poppler-0.30.0

poppler-0.31.0

poppler-0.32.0

poppler-0.33.0

poppler-0.34.0

poppler-0.35.0

poppler-0.36

poppler-0.37

poppler-0.38.0

poppler-0.39

poppler-0.4.0

poppler-0.40.0

poppler-0.41.0

poppler-0.42.0

poppler-0.43

poppler-0.44

poppler-0.45

poppler-0.46

poppler-0.47

poppler-0.48

poppler-0.49

poppler-0.5.0

poppler-0.5.1

poppler-0.5.2

poppler-0.5.3

poppler-0.5.4

poppler-0.50

poppler-0.51

poppler-0.52

poppler-0.53

poppler-0.54

poppler-0.55

poppler-0.56

poppler-0.57

poppler-0.58

poppler-0.59

poppler-0.6.0

poppler-0.6.0.RC1

poppler-0.60

poppler-0.60.1

poppler-0.61

poppler-0.61.1

poppler-0.62.0

poppler-0.63.0

poppler-0.64.0

poppler-0.65.0

poppler-0.66.0

poppler-0.67.0

poppler-0.68.0

poppler-0.69.0

poppler-0.7.0

poppler-0.7.1

poppler-0.7.2

poppler-0.7.3

poppler-0.70.0

poppler-0.70.1

poppler-0.71.0

poppler-0.72.0

poppler-0.73.0

poppler-0.74.0

poppler-0.8.0

poppler-0.9.0

poppler-0.9.1

poppler-0.9.2

poppler-0.9.3

Other

poppler-before-fontconfig

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.10"
            }
        ]
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-9200.json"