DEBIAN-CVE-2019-9545

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2019-9545

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2019-9545.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2019-9545

Upstream

CVE-2019-9545

Published

2019-03-01T19:29:02Z

Modified

2025-09-25T23:22:36.444167Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.

References

https://security-tracker.debian.org/tracker/CVE-2019-9545

Affected packages

Debian:11 / poppler

Package

Name: poppler
Purl: pkg:deb/debian/poppler?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

20.*

20.09.0-3.1

20.09.0-3.1+deb11u1

20.09.0-3.1+deb11u2

21.*

21.02.0-1

21.06.0-1

21.06.1-1

21.11.0-1

22.*

22.02.0-1

22.02.0-2

22.02.0-3

22.06.0-1

22.08.0-1

22.08.0-2

22.08.0-2.1

22.11.0-1

22.12.0-1

22.12.0-2

22.12.0-2.1

22.12.0-2.2

23.*

23.08.0-1

23.08.0-2

23.12.0-1

24.*

24.02.0-1

24.02.0-2

24.02.0-3

24.02.0-4

24.02.0-5

24.02.0-5+loong64

24.06.0-1

24.06.0-2

24.08.0-1

24.08.0-2

24.08.0-3

24.08.0-4

25.*

25.01.0-1

25.01.0-2

25.01.0-3

25.01.0-4

25.01.0-5

25.03.0-1

25.03.0-2

25.03.0-3

25.03.0-4

25.03.0-5

25.03.0-6

25.03.0-7

25.03.0-9

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / poppler

Package

Name: poppler
Purl: pkg:deb/debian/poppler?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

22.*

22.12.0-2

22.12.0-2+deb12u1

22.12.0-2.1

22.12.0-2.2

23.*

23.08.0-1

23.08.0-2

23.12.0-1

24.*

24.02.0-1

24.02.0-2

24.02.0-3

24.02.0-4

24.02.0-5

24.02.0-5+loong64

24.06.0-1

24.06.0-2

24.08.0-1

24.08.0-2

24.08.0-3

24.08.0-4

25.*

25.01.0-1

25.01.0-2

25.01.0-3

25.01.0-4

25.01.0-5

25.03.0-1

25.03.0-2

25.03.0-3

25.03.0-4

25.03.0-5

25.03.0-6

25.03.0-7

25.03.0-9

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / poppler

Package

Name: poppler
Purl: pkg:deb/debian/poppler?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

25.*

25.03.0-5

25.03.0-6

25.03.0-7

25.03.0-9

Ecosystem specific

{
    "urgency": "low"
}

Debian:14 / poppler

Package

Name: poppler
Purl: pkg:deb/debian/poppler?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

25.*

25.03.0-5

25.03.0-6

25.03.0-7

25.03.0-9

Ecosystem specific

{
    "urgency": "low"
}