Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-20481

Опубликовано: 26 дек. 2018
Источник: debian

Описание

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
popplerfixed0.71.0-4package

Примечания

  • https://gitlab.freedesktop.org/poppler/poppler/issues/692

  • Proposed fix: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143

  • https://gitlab.freedesktop.org/poppler/poppler/commit/39a251b1b3a3343400a08e2f03c5518a26624626

Связанные уязвимости

ubuntu логотип

CVE-2018-20481

CVSS3: 6.5
ubuntu
около 7 лет назад

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.

redhat логотип

CVE-2018-20481

CVSS3: 3.3
redhat
около 7 лет назад

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.

nvd логотип

CVE-2018-20481

CVSS3: 6.5
nvd
около 7 лет назад

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.

github логотип

GHSA-hw98-2857-jggj

CVSS3: 6.5
github
больше 3 лет назад

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.

fstec логотип

BDU:2021-01283

CVSS3: 6.5
fstec
около 7 лет назад

Уязвимость функции Xref::getEntry библиотеки для рендеринга PDF-файлов Poppler, позволяющая нарушителю вызвать отказ в обслуживании