CVE-2019-7310

Published: 03/02/2019 Updated: 06/08/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.

Affected Products

Vendor | Product | Versions
Freedesktop | Poppler | 0.73.0
Canonical | Ubuntu Linux | 14.04, 16.04, 18.04, 18.10
Debian | Debian Linux | 8.0
Fedoraproject | Fedora | 28

Vendor Advisories

Several security issues were fixed in poppler ...
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo ...
Synopsis: Moderate: poppler security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for poppler, evince, and okular is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vuln ...
Debian Bug report logs - #918158 poppler: CVE-2018-20662 Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 3 Jan 2019 21:57:01 UTC Severity: normal Tags: securi ...
Debian Bug report logs - #917325 poppler: CVE-2018-20481 Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 26 Dec 2018 08:36:02 UTC Severity: important Tags: fix ...
Debian Bug report logs - #926673 poppler: CVE-2019-9631: heap overflow in downsample_row_box_filter Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 8 Apr 2019 ...
Debian Bug report logs - #923414 poppler: CVE-2019-9200 Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 27 Feb 2019 20:30:02 UTC Severity: important Tags: fixe ...
Debian Bug report logs - #909802 poppler: CVE-2018-16646 denial-of-service via crafted file Package: poppler; Maintainer for poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Markus Koschany <apo@debian.org> Date: Fri, 28 Sep 2018 18:33:02 UTC Severity: ...
Debian Bug report logs - #926532 poppler: CVE-2019-10873 Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 6 Apr 2019 15:57:01 UTC Severity: important Tags: fix ...
Debian Bug report logs - #917525 poppler: CVE-2018-20551: reachable abort in AnnotRichMedia::Content::Content at Annot.cc:6432 Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> ...
Debian Bug report logs - #921215 poppler: CVE-2019-7310: Heap buffer overflow in XRef::getEntry due to integer overflow Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Dat ...

Github Repositories

Manul

Manul is a coverage-guided parallel fuzzer for open-source and blackbox binaries on Windows, Linux and MacOS (beta) written in pure Python.

Quick Start

    pip3 install psutil
    git clone https://github.com/mxmssh/manul
    cd manul
    mkdir in
    mkdir out
    echo "AAAAAA" > in/test
    python3 manul.py -i in -o out -n 4 "linux/test_afl @@"

Installing Radamsa sudo