Poppler 'XRef.cc' Heap Buffer Overflow Vulnerability

Bugtraq ID:	106829
Class:	Boundary Condition Error
CVE:	CVE-2019-7310
Remote:	Yes
Local:	No
Published:	Feb 02 2019 12:00AM
Updated:	Feb 02 2019 12:00AM
Credit:	Maksim
Vulnerable:	freedesktop Poppler 0.73
Not Vulnerable:

Poppler 'XRef.cc' Heap Buffer Overflow Vulnerability

Poppler is prone to a heap-based buffer-overflow vulnerability.

Successful exploits may allow attackers to crash the affected application, resulting in denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed.

Poppler 0.73.0 is vulnerable; other versions may also be affected.

Poppler 'XRef.cc' Heap Buffer Overflow Vulnerability

Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].

Poppler 'XRef.cc' Heap Buffer Overflow Vulnerability

Solution:
Reportedly, the issue is fixed; however, Symantec has not confirmed this. Please contact the vendor for more information.

Poppler 'XRef.cc' Heap Buffer Overflow Vulnerability

References:

• Heap buffer overflow in XRef::getEntry due to integer overflow (FreeDesktop)
  
• Poppler Homepage (Poppler)