CVE-2019-12293

Published: 23 May 2019

In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
poppler
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver)
Released (0.62.0-2ubuntu2.9)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (0.41.0-0ubuntu1.14)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://gitlab.freedesktop.org/poppler/poppler/commit/89a5367d49b2556a2635dbb6d48d6a6b182a2c6c