vulnerability

Amazon Linux AMI: CVE-2019-7310: Security patch for poppler (ALAS-2019-1271)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	2019-02-02	2019-08-28	2022-10-14

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

2019-02-02

Added

2019-08-28

Modified

2022-10-14

Description

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.

Solution

amazon-linux-upgrade-poppler

References

AMAZON-ALAS-2019-1271
UBUNTU-USN-3886-1
NVD-CVE-2019-7310

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today