admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-29 17:50:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2019/CVE-2019-9545.md

20 lines
1013 B
Markdown
Raw Normal View History

Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
### [CVE-2019-9545](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9545)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.
### POC
#### Reference
- https://gitlab.freedesktop.org/poppler/poppler/issues/731
- https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadtextregion-poppler-0-74-0/
#### Github
- https://github.com/0xCyberY/CVE-T4PDF
- https://github.com/ARPSyndicate/cvemon
Reference in New Issue Copy Permalink