CVE-2018-16646

Опубликовано: 06 сент. 2018

Источник: debian

EPSS Низкий

Описание

In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
poppler	fixed	0.71.0-4		package

Примечания

https://bugzilla.redhat.com/show_bug.cgi?id=1622951
https://gitlab.freedesktop.org/poppler/poppler/merge_requests/91
https://gitlab.freedesktop.org/poppler/poppler/commit/3d35d209c19c1d3b09b794a0c863ba5de44a9c0a
https://gitlab.freedesktop.org/poppler/poppler/commit/89fccf45fc5bfca3756102e6bec1950ec1d436a9 (regression fix)
https://gitlab.freedesktop.org/poppler/poppler/commit/08572e1bdca03baed694dd9828bb2b878865e669 (regression fix)

EPSS

Процентиль: 83%

0.02113

Низкий

Связанные уязвимости

CVE-2018-16646

CVSS3: 6.5

ubuntu

почти 7 лет назад

In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.

CVE-2018-16646

CVSS3: 4.3

redhat

почти 7 лет назад

In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.

CVE-2018-16646

CVSS3: 6.5

nvd

почти 7 лет назад

In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.

GHSA-7rfh-f9f4-m45f

CVSS3: 6.5

github

около 3 лет назад

In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.

BDU:2021-01284

fstec

больше 6 лет назад

Уязвимость функции Parser::getObj() библиотеки для рендеринга PDF-файлов Poppler, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 83%

0.02113

Низкий