vulnerability
Oracle Linux: CVE-2019-7310: ELSA-2019-2022: poppler security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:P/I:P/A:P) | 2019-02-01 | 2020-07-21 | 2024-12-06 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
2019-02-01
Added
2020-07-21
Modified
2024-12-06
Description
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.
Solution(s)
oracle-linux-upgrade-evinceoracle-linux-upgrade-evince-browser-pluginoracle-linux-upgrade-evince-develoracle-linux-upgrade-evince-dvioracle-linux-upgrade-evince-libsoracle-linux-upgrade-evince-nautilusoracle-linux-upgrade-okularoracle-linux-upgrade-okular-develoracle-linux-upgrade-okular-libsoracle-linux-upgrade-okular-partoracle-linux-upgrade-poppleroracle-linux-upgrade-poppler-cpporacle-linux-upgrade-poppler-cpp-develoracle-linux-upgrade-poppler-demosoracle-linux-upgrade-poppler-develoracle-linux-upgrade-poppler-gliboracle-linux-upgrade-poppler-glib-develoracle-linux-upgrade-poppler-qtoracle-linux-upgrade-poppler-qt5oracle-linux-upgrade-poppler-qt5-develoracle-linux-upgrade-poppler-qt-develoracle-linux-upgrade-poppler-utils
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.