A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9200
Reference (s):
- BID:107172
- URL: http://www.securityfocus.com/bid/107172
- FEDORA:FEDORA-2019-13ba3be562
- URL: https://lists.fedoraproject.org/archives/list/[email protected]/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/
- FEDORA:FEDORA-2019-14040bfa27