CVE-2019-12293

Summary

CVE	CVE-2019-12293
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-05-23 05:29:00 UTC
Updated	2023-11-07 03:03:00 UTC
Description	In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.

Risk And Classification

Problem Types: CWE-125

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Freedesktop	Poppler	All	All	All	All

References

Reference	Source	Link	Tags
Heap buffer overflow in JPXStream (#768) · Issues · poppler / poppler · GitLab	MISC	gitlab.freedesktop.org	Exploit, Vendor Advisory
[SECURITY] Fedora 29 Update: poppler-0.67.0-21.fc29 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Poppler CVE-2019-12293 Heap Buffer Overflow Vulnerability	BID	www.securityfocus.com
[SECURITY] Fedora 30 Update: poppler-0.73.0-13.fc30 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Red Hat Customer Portal	REDHAT	access.redhat.com
[SECURITY] Fedora 29 Update: poppler-0.67.0-21.fc29 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] [DLA 1815-1] poppler security update	MLIST	lists.debian.org
[SECURITY] Fedora 30 Update: poppler-0.73.0-13.fc30 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
USN-4042-1: poppler vulnerabilities \| Ubuntu security notices	UBUNTU	usn.ubuntu.com
[SECURITY] [DLA 2287-1] poppler security update	MLIST	lists.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

377260 Alibaba Cloud Linux Security Update for poppler and evince (ALINUX2-SA-2020:0052)
670864 EulerOS Security Update for poppler (EulerOS-SA-2020-2436)
754197 SUSE Enterprise Linux Security Update for poppler (SUSE-SU-2023:2907-1)