CVE-2019-10871

Published: 05 April 2019

An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
poppler
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable

Ubuntu 20.10 (Groovy Gorilla) Not vulnerable

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(0.86.1-0ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 LTS (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needs-triage)
Patches:
Upstream: https://gitlab.freedesktop.org/poppler/poppler/-/commit/2e32545b1d2e31359775a65ef34e0385c9079126
Upstream: https://gitlab.freedesktop.org/poppler/poppler/-/commit/dc77116d0a27f70eeba4a0a4e8733759cd867f3d