Vulnerabilities > CVE-2019-10871 - Out-of-bounds Read vulnerability in Freedesktop Poppler 0.74.0

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
freedesktop
CWE-125
nessus
NVD
Published: 2019-04-05
Updated: 2023-11-07

Summary

An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.

Vulnerable Configurations

Part Description Count
Application
Freedesktop
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-2713.NASL
    descriptionFrom Red Hat Security Advisory 2019:2713 : An update for poppler is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es) : * poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310) * poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200) * poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc (CVE-2019-10871) * poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293) * poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897) * poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481) * poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c (CVE-2018-20551) * poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650) * poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662) * poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631) * poppler: stack consumption in function Dict::find() in Dict.cc (CVE-2019-9903) * poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id128846
    published2019-09-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128846
    titleOracle Linux 8 : poppler (ELSA-2019-2713)
  • NASL familyMisc.
    NASL idPOPPLER_0_74.NASL
    descriptionThe version of Poppler installed on the remote host is prior or equal to 0.74.0. It is, therefore, affected by the following vulnerabilities : - Multiple input-validation flaws exist that allow heap buffer overflows leading to application crashes and other unspecified impact. (CVE-2019-7310, CVE-2019-9200, CVE-2019-10871, CVE-2019-10872) - A flaw exists related to the function
    last seen2020-06-01
    modified2020-06-02
    plugin id123511
    published2019-03-29
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123511
    titlePoppler <= 0.74.0 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2713.NASL
    descriptionAn update for poppler is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es) : * poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310) * poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200) * poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc (CVE-2019-10871) * poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293) * poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897) * poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481) * poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c (CVE-2018-20551) * poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650) * poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662) * poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631) * poppler: stack consumption in function Dict::find() in Dict.cc (CVE-2019-9903) * poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id128850
    published2019-09-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128850
    titleRHEL 8 : poppler (RHSA-2019:2713)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1963.NASL
    descriptionThe fix for CVE-2019-10871 broke xpdf. This change has been reverted until a better fix can be developed. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id130030
    published2019-10-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130030
    titleDebian DLA-1963-2 : poppler regression update
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-0EA42F074E.NASL
    descriptionSecurity fix for CVE-2019-12293, CVE-2019-10872 and CVE-2019-10871. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126130
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126130
    titleFedora 29 : poppler (2019-0ea42f074e)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200407_POPPLER_AND_EVINCE_ON_SL7_X.NASL
    description* poppler: integer overflow in Parser::makeStream in Parser.cc * poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc * poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc * poppler: integer overflow in JPXStream::init function leading to memory consumption * evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail()
    last seen2020-04-30
    modified2020-04-21
    plugin id135829
    published2020-04-21
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135829
    titleScientific Linux Security Update : poppler and evince on SL7.x x86_64 (20200407)

Redhat

advisories
rhsa
idRHSA-2019:2713
rpms
  • poppler-0:0.66.0-11.el8_0.12
  • poppler-cpp-0:0.66.0-11.el8_0.12
  • poppler-cpp-debuginfo-0:0.66.0-11.el8_0.12
  • poppler-cpp-devel-0:0.66.0-11.el8_0.12
  • poppler-debuginfo-0:0.66.0-11.el8_0.12
  • poppler-debugsource-0:0.66.0-11.el8_0.12
  • poppler-devel-0:0.66.0-11.el8_0.12
  • poppler-glib-0:0.66.0-11.el8_0.12
  • poppler-glib-debuginfo-0:0.66.0-11.el8_0.12
  • poppler-glib-devel-0:0.66.0-11.el8_0.12
  • poppler-qt5-0:0.66.0-11.el8_0.12
  • poppler-qt5-debuginfo-0:0.66.0-11.el8_0.12
  • poppler-qt5-devel-0:0.66.0-11.el8_0.12
  • poppler-utils-0:0.66.0-11.el8_0.12
  • poppler-utils-debuginfo-0:0.66.0-11.el8_0.12
  • evince-0:3.28.2-9.el7
  • evince-browser-plugin-0:3.28.2-9.el7
  • evince-debuginfo-0:3.28.2-9.el7
  • evince-devel-0:3.28.2-9.el7
  • evince-dvi-0:3.28.2-9.el7
  • evince-libs-0:3.28.2-9.el7
  • evince-nautilus-0:3.28.2-9.el7
  • poppler-0:0.26.5-42.el7
  • poppler-cpp-0:0.26.5-42.el7
  • poppler-cpp-devel-0:0.26.5-42.el7
  • poppler-debuginfo-0:0.26.5-42.el7
  • poppler-demos-0:0.26.5-42.el7
  • poppler-devel-0:0.26.5-42.el7
  • poppler-glib-0:0.26.5-42.el7
  • poppler-glib-devel-0:0.26.5-42.el7
  • poppler-qt-0:0.26.5-42.el7
  • poppler-qt-devel-0:0.26.5-42.el7
  • poppler-utils-0:0.26.5-42.el7

References