Total vulnerabilities in the database
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.
| Software | From | Fixed in |
|---|---|---|
| freedesktop / poppler | - | 0.78.0.x |
| debian / debian_linux | 8.0 | 8.0.x |
| debian / debian_linux | 9.0 | 9.0.x |
| debian / debian_linux | 10.0 | 10.0.x |
| fedoraproject / fedora | 29 | 29.x |
| fedoraproject / fedora | 30 | 30.x |
| redhat / enterprise_linux | 8.0 | 8.0.x |
| redhat / enterprise_linux_eus | 8.1 | 8.1.x |
| redhat / enterprise_linux_eus | 8.2 | 8.2.x |
| redhat / enterprise_linux_server_tus | 8.2 | 8.2.x |
| redhat / enterprise_linux_server_aus | 8.2 | 8.2.x |
| redhat / enterprise_linux_server_tus | 8.4 | 8.4.x |
| redhat / enterprise_linux_eus | 8.4 | 8.4.x |
| redhat / enterprise_linux_server_aus | 8.4 | 8.4.x |
| redhat / enterprise_linux_server_aus | 8.6 | 8.6.x |
| redhat / enterprise_linux_server_tus | 8.6 | 8.6.x |
| redhat / enterprise_linux_eus | 8.6 | 8.6.x |