漏洞信息详情

Poppler 缓冲区错误漏洞

  • CNNVD编号:CNNVD-201904-261
  • 危害等级: 中危
  • CVE编号: CVE-2019-10871
  • 漏洞类型: 缓冲区错误
  • 发布时间: 2019-04-04
  • 威胁类型: 远程
  • 更新时间: 2022-05-20
  • 厂        商:
  • 漏洞来源: Red Hat

漏洞简介

Poppler是一个用于生成PDF的C++类库,该库是从Xpdf(PDF阅读器)继承而来。

Poppler 0.74.0版本中的PSOutputDev.cc文件的‘PSOutputDev::checkPageSlice’函数存在缓冲区错误漏洞,该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。

漏洞公告

目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法:

https://poppler.freedesktop.org/

参考网址

来源:BID

链接:http://www.securityfocus.com/bid/107862

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/

来源:BID

链接:https://www.securityfocus.com/bid/107862

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/

来源:access.redhat.com

链接:https://access.redhat.com/security/cve/cve-2019-10873

来源:access.redhat.com

链接:https://access.redhat.com/security/cve/cve-2019-10872

来源:bugzilla.redhat.com

链接:https://bugzilla.redhat.com/show_bug.cgi?id=1696638

来源:bugzilla.redhat.com

链接:https://bugzilla.redhat.com/show_bug.cgi?id=1696637

来源:bugzilla.redhat.com

链接:https://bugzilla.redhat.com/show_bug.cgi?id=1696636

来源:poppler.freedesktop.org

链接:https://poppler.freedesktop.org/releases.html

来源:poppler.freedesktop.org

链接:http://poppler.freedesktop.org/

来源:gitlab.freedesktop.org

链接:https://gitlab.freedesktop.org/poppler/poppler/issues/748

来源:gitlab.freedesktop.org

链接:https://gitlab.freedesktop.org/poppler/poppler/issues/750

来源:gitlab.freedesktop.org

链接:https://gitlab.freedesktop.org/poppler/poppler/issues/751

来源:lists.debian.org

链接:https://lists.debian.org/debian-lts-announce/2019/10/msg00025.html

来源:lists.debian.org

链接:https://lists.debian.org/debian-lts-announce/2019/10/msg00024.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.4195/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.4195.2/

来源:access.redhat.com

链接:https://access.redhat.com/security/cve/cve-2019-10871

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2019.3467/

来源:www.securityfocus.com

链接:https://www.securityfocus.com/bid/107862

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2019.3903.2/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2022.2464

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/154449/Red-Hat-Security-Advisory-2019-2713-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.4080

来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/Poppler-out-of-bounds-memory-reading-via-PSOutputDev-checkPageSlice-29563

受影响实体

    暂无


补丁

    暂无

漏洞信息快速查询

相关漏洞

更多