CVE-2018-19059

Опубликовано: 07 нояб. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.

Ссылки

https://access.redhat.com/errata/RHSA-2019:2022
https://gitlab.freedesktop.org/poppler/poppler/issues/661
Exploit
Third Party Advisory
https://usn.ubuntu.com/3837-1/
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2022
https://gitlab.freedesktop.org/poppler/poppler/issues/661
Exploit
Third Party Advisory
https://usn.ubuntu.com/3837-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:freedesktop:poppler:0.71.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00131

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2018-19059

CVSS3: 6.5

ubuntu

больше 6 лет назад

CVE-2018-19059

CVSS3: 3.3

redhat

больше 6 лет назад

CVE-2018-19059

CVSS3: 6.5

debian

больше 6 лет назад

An issue was discovered in Poppler 0.71.0. There is a out-of-bounds re ...

GHSA-r3qg-qq2r-grgr

CVSS3: 6.5

github

около 3 лет назад

ELSA-2019-2022

oracle-oval

почти 6 лет назад

ELSA-2019-2022: poppler security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 34%

0.00131

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125