Freedesktop Poppler 0.76.1 Remote Code Execution Vulnerability

Summary

In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.
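The class of check that prevents this kind of over-read, as an added C example that is not Poppler's code: it assumes the over-read arises when a decoder indexes every component buffer using one component's width and height, and it rejects images whose components disagree before any sample is read. The `component_t` and `image_t` types and both function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical decoded-image layout (not Poppler's or OpenJPEG's types):
 * every component has its own dimensions and a buffer of w * h samples. */
typedef struct { uint32_t w, h; const int32_t *data; } component_t;
typedef struct { uint32_t numcomps; const component_t *comps; } image_t;

/* Returns 0 and sets *npixels only if all components share the
 * dimensions of component 0; returns -1 for anything inconsistent. */
int image_dims_consistent(const image_t *img, size_t *npixels)
{
    if (!img || !img->comps || img->numcomps == 0) return -1;
    uint32_t w = img->comps[0].w, h = img->comps[0].h;
    if (w == 0 || h == 0 || w > SIZE_MAX / h) return -1;
    for (uint32_t i = 0; i < img->numcomps; i++) {
        const component_t *c = &img->comps[i];
        if (!c->data || c->w != w || c->h != h) return -1;
    }
    *npixels = (size_t)w * h;
    return 0;
}

/* Interleaves samples pixel by pixel. Without the check above, indexing
 * every component with component 0's pixel count reads past the end of
 * any smaller component buffer. */
int interleave_checked(const image_t *img, int32_t *out, size_t out_len)
{
    size_t n;
    if (image_dims_consistent(img, &n) != 0) return -1;
    if (n > out_len / img->numcomps) return -1;   /* output too small */
    for (size_t p = 0; p < n; p++)
        for (uint32_t c = 0; c < img->numcomps; c++)
            out[p * img->numcomps + c] = img->comps[c].data[p];
    return 0;
}

int main(void)
{
    /* Constructed sample: component 1 claims 1x1 while component 0 is 2x2. */
    int32_t a[4] = {1, 2, 3, 4}, s[1] = {9}, out[8];
    component_t bad[2] = {{2, 2, a}, {1, 1, s}};
    image_t img = {2, bad};
    printf("inconsistent image: %d\n", interleave_checked(&img, out, 8));
    return 0;
}
```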

Credit:

The information has been provided by Freedesktop.
The original article can be found at: https://gitlab.freedesktop.org/poppler/poppler/issues/768


Details

Freedesktop Poppler is prone to a remote code-execution vulnerability. A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Vulnerable Systems:

  • Freedesktop Poppler 0.76.1

CVE Information:

CVE-2019-12293

Disclosure Timeline:
Publish Date: 05/23/2019
