Wind River Support Network

HomeDefectsLIN9-8077
Fixed

LIN9-8077 : Security Advisory - poppler - CVE-2019-7310

Created: Feb 14, 2019    Updated: Mar 6, 2019
Resolved Date: Mar 1, 2019
Found In Version: 9.0.0.19
Fix Version: 9.0.0.20
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Userspace

Description

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.

https://nvd.nist.gov/vuln/detail/CVE-2019-7310

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube