{"id":"CVE-2019-7310","details":"In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.","modified":"2026-04-16T00:01:04.218205015Z","published":"2019-02-03T03:29:00.277Z","related":["SUSE-SU-2021:3854-1","SUSE-SU-2022:1723-1","SUSE-SU-2022:1724-1","SUSE-SU-2023:2906-1","SUSE-SU-2023:2907-1","SUSE-SU-2023:3241-1","openSUSE-SU-2021:3854-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"14.04"}],"cpe":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"16.04"}],"cpe":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"18.04"}],"cpe":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"18.10"}],"cpe":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"9.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"28"}],"cpe":"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.0"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"7.0"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.1"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.2"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.4"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"7.0"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.2"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.4"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.2"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.4"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"7.0"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","source":"CPE_FIELD"}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/106829"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2022"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2713"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3886-1/"},{"type":"REPORT","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797"},{"type":"EVIDENCE","url":"https://gitlab.freedesktop.org/poppler/poppler/issues/717"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/poppler/poppler","events":[{"introduced":"0"},{"last_affected":"67e46f6e1339f830f9f8b6fd27e38708b4cf4b0e"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"0.73.0"}],"cpe":"cpe:2.3:a:freedesktop:poppler:0.73.0:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["poppler-0.10.0","poppler-0.11.0","poppler-0.11.1","poppler-0.11.2","poppler-0.11.3","poppler-0.12.0","poppler-0.13.1","poppler-0.13.2","poppler-0.13.3","poppler-0.13.4","poppler-0.14.0","poppler-0.15.0","poppler-0.15.1","poppler-0.15.2","poppler-0.15.3","poppler-0.16.0","poppler-0.17.0","poppler-0.17.1","poppler-0.17.2","poppler-0.17.3","poppler-0.17.4","poppler-0.18.0","poppler-0.19.0","poppler-0.19.1","poppler-0.19.2","poppler-0.19.3","poppler-0.19.4","poppler-0.2.0","poppler-0.20.0","poppler-0.21.0","poppler-0.21.1","poppler-0.21.3","poppler-0.21.4","poppler-0.22.0","poppler-0.23.0","poppler-0.23.1","poppler-0.23.2","poppler-0.23.3","poppler-0.23.4","poppler-0.24.0","poppler-0.25.0","poppler-0.25.1","poppler-0.25.2","poppler-0.25.3","poppler-0.26.0","poppler-0.28.0","poppler-0.28.1","poppler-0.29.0","poppler-0.3.0","poppler-0.3.1","poppler-0.3.2","poppler-0.3.3","poppler-0.30.0","poppler-0.31.0","poppler-0.32.0","poppler-0.33.0","poppler-0.34.0","poppler-0.35.0","poppler-0.36","poppler-0.37","poppler-0.38.0","poppler-0.39","poppler-0.4.0","poppler-0.40.0","poppler-0.41.0","poppler-0.42.0","poppler-0.43","poppler-0.44","poppler-0.45","poppler-0.46","poppler-0.47","poppler-0.48","poppler-0.49","poppler-0.5.0","poppler-0.5.1","poppler-0.5.2","poppler-0.5.3","poppler-0.5.4","poppler-0.50","poppler-0.51","poppler-0.52","poppler-0.53","poppler-0.54","poppler-0.58","poppler-0.59","poppler-0.6.0","poppler-0.6.0.RC1","poppler-0.60","poppler-0.60.1","poppler-0.61","poppler-0.61.1","poppler-0.62.0","poppler-0.63.0","poppler-0.64.0","poppler-0.65.0","poppler-0.66.0","poppler-0.67.0","poppler-0.68.0","poppler-0.69.0","poppler-0.7.0","poppler-0.7.2","poppler-0.7.3","poppler-0.70.0","poppler-0.70.1","poppler-0.71.0","poppler-0.72.0","poppler-0.73.0","poppler-0.8.0","poppler-0.9.0","poppler-0.9.1","poppler-0.9.2","poppler-0.9.3","poppler-before-fontconfig"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7310.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}