CVE-2019-9543 - OpenCVE

An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Freedesktop	Poppler

Configuration 1 [-]

cpe:2.3:a:freedesktop:poppler:0.74.0:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/107238	Third Party Advisory VDB Entry
https://gitlab.freedesktop.org/poppler/poppler/issues/730	Exploit Third Party Advisory
https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-01T19:00:00

Updated: 2019-03-06T10:57:01

Reserved: 2019-03-01T00:00:00

Link: CVE-2019-9543

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-03-01T19:29:02.743

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-9543

JSON object: View

Redhat Information

No data.

CWE

CWE-674

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-03-01T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-06T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/"}, {"name": "107238", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107238"}, {"tags": ["x_refsource_MISC"], "url": "https://gitlab.freedesktop.org/poppler/poppler/issues/730"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9543", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/", "refsource": "MISC", "url": "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/"}, {"name": "107238", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107238"}, {"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/730", "refsource": "MISC", "url": "https://gitlab.freedesktop.org/poppler/poppler/issues/730"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9543", "datePublished": "2019-03-01T19:00:00", "dateReserved": "2019-03-01T00:00:00", "dateUpdated": "2019-03-06T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freedesktop:poppler:0.74.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9510DB6-607C-49C3-B38B-FA3A6F280B74", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit."}, {"lang": "es", "value": "Se ha descubierto un problema en Poppler 0.74.0. Se puede desencadenar una llamada de funci\u00f3n recursiva en JBIG2Stream::readGenericBitmap(), ubicada en JBIG2Stream.cc, mediante el env\u00edo de un archivo pdf manipulado a, por ejemplo, el binario pdfseparate. Permite que un atacante provoque una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) o, posiblemente, otro impacto sin especificar. Esto est\u00e1 relacionado con JArithmeticDecoder::decodeBit."}], "id": "CVE-2019-9543", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-01T19:29:02.743", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107238"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gitlab.freedesktop.org/poppler/poppler/issues/730"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-674"}], "source": "nvd@nist.gov", "type": "Primary"}]}