Bug 1685966 (CVE-2019-9545) - CVE-2019-9545 poppler: recursive function call in JBIG2Stream::readTextRegion() in JBIG2Stream.cc causing denial of service
Summary: CVE-2019-9545 poppler: recursive function call in JBIG2Stream::readTextRegion...
Keywords:
Status: CLOSED DUPLICATE of bug 1685971
Alias: CVE-2019-9545
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1685967 1686747 1686751
Blocks: 1685969
TreeView+ depends on / blocked
 
Reported: 2019-03-06 12:07 UTC by Dhananjay Arunesh
Modified: 2021-02-16 22:18 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-03-14 09:51:04 UTC
Embargoed:

Attachments (Terms of Use)

Description Dhananjay Arunesh 2019-03-06 12:07:25 UTC 
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.

Reference:
https://gitlab.freedesktop.org/poppler/poppler/issues/731
Comment 1 Dhananjay Arunesh 2019-03-06 12:07:36 UTC 
Created poppler tracking bugs for this issue:

Affects: fedora-all [bug 1685967]
Comment 6 Stefan Cornelius 2019-03-14 09:51:04 UTC 

*** This bug has been marked as a duplicate of bug 1685971 ***
Comment 7 Doran Moppert 2020-06-17 03:47:33 UTC 
Statement:

This flaw was found to be a duplicate of $DUP. Please see https://access.redhat.com/security/cve/$DUP for information about affected products and security errata.
Note You need to log in before you can comment on or make changes to this bug.