Integer Overflow in JPXStream::init function in Poppler 0.78.0 and earlier

Integer Overflow in JPXStream::init function in Poppler 0.78.0 and earlier

CVE-2019-9959 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.

Learn more about our Web Application Penetration Testing UK.