Freedesktop Poppler 0.76.1 Remote Code Execution Vulnerability


In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in via data with inconsistent heights or widths.


The information has been provided by Freedesktop
The original article can be found at:


Freedesktop Poppler is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition. 

Vulnerable Systems:

  • Freedesktop Poppler 0.76.1

CVE Information:


Disclosure Timeline:
Publish Date:05/23/2019

Categories: News