XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 04:01
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/106321 - Third Party Advisory, VDB Entry | |
References | () https://access.redhat.com/errata/RHSA-2019:2022 - | |
References | () https://access.redhat.com/errata/RHSA-2019:2713 - | |
References | () https://gitlab.freedesktop.org/poppler/poppler/issues/692 - Exploit, Issue Tracking, Vendor Advisory | |
References | () https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143 - Patch, Vendor Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html - Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html - | |
References | () https://usn.ubuntu.com/3865-1/ - Third Party Advisory |
Information
Published : 2018-12-26 04:29
Updated : 2024-11-21 04:01
NVD link : CVE-2018-20481
Mitre link : CVE-2018-20481
CVE.ORG link : CVE-2018-20481
JSON object : View
Products Affected
canonical
- ubuntu_linux
freedesktop
- poppler
debian
- debian_linux
CWE
CWE-476
NULL Pointer Dereference