Vulnerability Details : CVE-2019-7310
Potential exploit
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.
Vulnerability category: Denial of service
Products affected by CVE-2019-7310
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.73.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-7310
0.35%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 55 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-7310
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2019-7310
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
-
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-7310
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/
[SECURITY] Fedora 28 Update: poppler-0.62.0-16.fc28 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:2022
RHSA-2019:2022 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://gitlab.freedesktop.org/poppler/poppler/issues/717
Heap buffer overflow in XRef::getEntry due to integer overflow (#717) · Issues · poppler / poppler · GitLabExploit;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html
[SECURITY] [DLA 2440-1] poppler security updateMailing List;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:2713
RHSA-2019:2713 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securityfocus.com/bid/106829
Poppler 'XRef.cc' Heap Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
-
https://usn.ubuntu.com/3886-1/
USN-3886-1: poppler vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html
[SECURITY] [DLA 1706-1] poppler security updateMailing List;Third Party Advisory
-
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797
12797 - poppler/pdf_fuzzer: Heap-buffer-overflow in XRef::getEntry - oss-fuzz - MonorailIssue Tracking;Permissions Required;Third Party Advisory
Jump to