公告ID: KYLIN-2019-9959
安全等级: 低级
产品: Kylin V3
发布日期: 2019年7月23日
CVE: CVE-2019-9959
CVSS3评分: 6.2
概述:
None 描述:
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. 系统版本:
KYLIN 3.3.x
KYLIN 3.4.x
受影响包列表:
poppler
poppler