Poppler CairoRescaleBox.cc downsample_row_box_filter Function Buffer Over-Read Vulnerability

By GIXnews


A vulnerability in Poppler could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerability is in the downsample_row_box_filter function, defined in the source code file CairoRescaleBox.cc, and is due to improper memory operations performed by the affected software. An attacker could exploit this vulnerability by sending requests that submit malicious input to the affected software. A successful exploit could allow the attacker to execute arbitrary code and completely compromise the system.

Poppler has not confirmed the vulnerability and software updates are not available.

Security Impact Rating: Critical

CVE: CVE-2019-9631

Source: Cisco Multivendor Vulnerability Alerts