CVE-2018-20662

Опубликовано: 03 янв. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.

Ссылки

https://access.redhat.com/errata/RHSA-2019:2022
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2713
Third Party Advisory
https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f
Patch
Third Party Advisory
https://gitlab.freedesktop.org/poppler/poppler/issues/706
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/
https://usn.ubuntu.com/4042-1/
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2022
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2713
Third Party Advisory
https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f
Patch
Third Party Advisory
https://gitlab.freedesktop.org/poppler/poppler/issues/706
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:freedesktop:poppler:0.72.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00468

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2018-20662

CVSS3: 6.5

ubuntu

больше 6 лет назад

CVE-2018-20662

CVSS3: 3.3

redhat

больше 6 лет назад

CVE-2018-20662

CVSS3: 6.5

debian

больше 6 лет назад

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to caus ...

SUSE-SU-2023:4942-1

suse-cvrf

больше 1 года назад

Security update for poppler

SUSE-SU-2023:4690-1

suse-cvrf

больше 1 года назад

Security update for poppler

EPSS

Процентиль: 63%

0.00468

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20