Headline
CVE-2019-9959: NEWS · master · poppler / poppler · GitLab
The JPXStream::init function in Poppler 0.78.0 and earlier doesn’t check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.
poppler
NEWS
To find the state of this project’s repository at the time of any of these versions, check out the tags.