Source: poppler
Version: 0.71.0-6
Severity: important
Tags: security upstream
Forwarded: https://gitlab.freedesktop.org/poppler/poppler/issues/805
Control: found -1 0.71.0-5
Control: fixed -1 0.81.0-1

Hi,

The following vulnerability was published for poppler.

CVE-2019-9959[0]:
| The JPXStream::init function in Poppler 0.78.0 and earlier doesn't
| check for negative values of stream length, leading to an Integer
| Overflow, thereby making it possible to allocate a large memory chunk
| on the heap, with a size controlled by an attacker, as demonstrated by
| pdftocairo.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-9959
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9959
[1] https://gitlab.freedesktop.org/poppler/poppler/issues/805
[2] https://gitlab.freedesktop.org/poppler/poppler/commit/68ef84e5968a4249c2162b839ca6d7975048a557

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
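
The bug class named in the CVE description above, as an added example that is not part of the original report and is not poppler's code: a signed stream length taken from file metadata and used as a heap allocation size, next to a version that treats it only as a bounded hint. All names and both constants (`INITIAL_BUF`, `MAX_HINT`, `alloc_size_*`, `read_stream`) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define INITIAL_BUF 4096               /* assumed default size */
#define MAX_HINT (16 * 1024 * 1024)    /* assumed cap on a declared length */

/* Unchecked: a negative declared length converts to a huge size_t. */
size_t alloc_size_unchecked(int declared_len) { return (size_t)declared_len; }

/* Checked: treat the declared length as a bounded, positive hint only. */
size_t alloc_size_checked(int declared_len)
{
    if (declared_len <= 0 || declared_len > MAX_HINT)
        return INITIAL_BUF;
    return (size_t)declared_len;
}

/* Copy the bytes actually present (src) into a heap buffer sized from the
 * checked hint, doubling with an overflow guard. Returns NULL on failure. */
unsigned char *read_stream(const unsigned char *src, size_t src_len,
                           int declared_len, size_t *out_len)
{
    size_t cap = alloc_size_checked(declared_len), used = 0;
    unsigned char *buf = malloc(cap);
    if (!buf) return NULL;
    while (used < src_len) {
        if (used == cap) {
            if (cap > SIZE_MAX / 2) { free(buf); return NULL; }
            unsigned char *grown = realloc(buf, cap * 2);
            if (!grown) { free(buf); return NULL; }
            buf = grown; cap *= 2;
        }
        size_t n = src_len - used < cap - used ? src_len - used : cap - used;
        memcpy(buf + used, src + used, n);
        used += n;
    }
    *out_len = used;
    return buf;
}

int main(void)
{
    /* -1 is a constructed declared length */
    printf("unchecked(-1)=%zu checked(-1)=%zu\n",
           alloc_size_unchecked(-1), alloc_size_checked(-1));
    return 0;
}
```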