Vulnerability Details CVE-2019-11026
FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.4%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- https://gitlab.freedesktop.org/poppler/poppler/issues/752
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5JWQE2WP4W4F2FEYPYJQBPQIOG75MVH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/
- https://research.loginsoft.com/bugs/1508/
- https://gitlab.freedesktop.org/poppler/poppler/issues/752
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5JWQE2WP4W4F2FEYPYJQBPQIOG75MVH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/
- https://research.loginsoft.com/bugs/1508/
Products affected by CVE-2019-11026
-
cpe:2.3:a:freedesktop:poppler:0.75.0
-
cpe:2.3:o:fedoraproject:fedora:28
-
cpe:2.3:o:fedoraproject:fedora:29
-
cpe:2.3:o:fedoraproject:fedora:30