ID CVE-2018-19058
Summary An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h that leads to denial of service, because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
References
Vulnerable Configurations
  • cpe:2.3:a:freedesktop:poppler:0.71.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 11-02-2023 - 18:05)
Impact:
Exploitability:
CWE CWE-670
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2019:2022
rpms
  • evince-0:3.28.2-8.el7
  • evince-browser-plugin-0:3.28.2-8.el7
  • evince-debuginfo-0:3.28.2-8.el7
  • evince-devel-0:3.28.2-8.el7
  • evince-dvi-0:3.28.2-8.el7
  • evince-libs-0:3.28.2-8.el7
  • evince-nautilus-0:3.28.2-8.el7
  • okular-0:4.10.5-7.el7
  • okular-debuginfo-0:4.10.5-7.el7
  • okular-devel-0:4.10.5-7.el7
  • okular-libs-0:4.10.5-7.el7
  • okular-part-0:4.10.5-7.el7
  • poppler-0:0.26.5-38.el7
  • poppler-cpp-0:0.26.5-38.el7
  • poppler-cpp-devel-0:0.26.5-38.el7
  • poppler-debuginfo-0:0.26.5-38.el7
  • poppler-demos-0:0.26.5-38.el7
  • poppler-devel-0:0.26.5-38.el7
  • poppler-glib-0:0.26.5-38.el7
  • poppler-glib-devel-0:0.26.5-38.el7
  • poppler-qt-0:0.26.5-38.el7
  • poppler-qt-devel-0:0.26.5-38.el7
  • poppler-utils-0:0.26.5-38.el7
refmap via4
misc https://gitlab.freedesktop.org/poppler/poppler/issues/659
mlist
  • [debian-lts-announce] 20190308 [SECURITY] [DLA 1706-1] poppler security update
  • [debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update
ubuntu USN-3837-1
Last major update 11-02-2023 - 18:05
Published 07-11-2018 - 16:29
Last modified 11-02-2023 - 18:05