buffer over-read in downsample_row_box_filter in poppler CVE-2019-9631 critical remote [released]

Tracked by Jolla (In release)

asked 2020-01-15 10:33:46 +0300

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2020-01-15 10:33:46 +0300

lpr gravatar image

https://nvd.nist.gov/vuln/detail/CVE-2019-9631

Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. CVSS3_base_score: 9.8 critical

This CVE and CVE-2019-14494 CVE-2018-20662 CVE-2019-9200 CVE-2019-9903 CVE-2019-10872 CVE-2019-10873 and CVE-2019-12293 and backport a fix for a regression on case-insensitive search should be fixed through update poppler-0.74.0 vanilla to poppler-0.74.0-0ubuntu1.3 .

edit retag flag offensive reopen delete

The question has been closed for the following reason "released in a software update" by lpr
close date 2020-04-05 15:05:20.970747

Comments

released in SFOS 3.3.0.14 Rokua by Poppler-upgrade to version 0.84

lpr ( 2020-04-05 15:05:09 +0300 )edit