CVE-2019-7310

Published: 03/02/2019 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.

Vulnerable Product

freedesktop poppler 0.73.0

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

debian debian linux 8.0

debian debian linux 9.0

fedoraproject fedora 28

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

redhat enterprise linux 8.0

redhat enterprise linux eus 8.1

redhat enterprise linux eus 8.2

redhat enterprise linux server tus 8.2

redhat enterprise linux server aus 8.2

redhat enterprise linux server tus 8.4

redhat enterprise linux eus 8.4

redhat enterprise linux server aus 8.4

Vendor Advisories

Several security issues were fixed in poppler ...
Synopsis: Moderate: poppler security update. Type/Severity: Security Advisory: Moderate. Topic: An update for poppler is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis: Moderate: poppler security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for poppler, evince, and okular is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vuln ...
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. (CVE-2018-16646) An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. (CVE-2018-18897) An i ...
Debian Bug report logs - #909802 poppler: CVE-2018-16646 denial-of-service via crafted file Package: poppler; Maintainer for poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Markus Koschany <apo@debian.org> Date: Fri, 28 Sep 2018 18:33:02 UTC Severity: ...
Debian Bug report logs - #921215 poppler: CVE-2019-7310: Heap buffer overflow in XRef::getEntry due to integer overflow Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Dat ...
Debian Bug report logs - #918158 poppler: CVE-2018-20662 Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 3 Jan 2019 21:57:01 UTC Severity: normal Tags: securi ...
Debian Bug report logs - #917525 poppler: CVE-2018-20551: reachable abort in AnnotRichMedia::Content::Content at Annot.cc:6432 Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> ...
Debian Bug report logs - #926673 poppler: CVE-2019-9631: heap overflow in downsample_row_box_filter Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 8 Apr 2019 ...
Debian Bug report logs - #917325 poppler: CVE-2018-20481 Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 26 Dec 2018 08:36:02 UTC Severity: important Tags: fix ...
Debian Bug report logs - #926532 poppler: CVE-2019-10873 Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 6 Apr 2019 15:57:01 UTC Severity: important Tags: fix ...
Debian Bug report logs - #923414 poppler: CVE-2019-9200 Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 27 Feb 2019 20:30:02 UTC Severity: important Tags: fixe ...
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. (CVE-2018-20481) In Poppler 0.68.0, the Parser::getObj() function in Parse ...
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo ...