Описание
Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFEVersion) of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated functions in PDFDoc, with deep recursion in the regex executor (std::__detail::_Executor).
A stack overflow flaw has been discovered in Poppler. This stack overflow which leads to a SIGSEGV crash occurs via deeply nested structures within the metadata of a PDF document. This occurs in Dict::lookup, Catalog::getMetadata, and associated functions in PDFDoc, with deep recursion in the regex executor (std::__detail::_Executor).
Отчет
On Red Hat systems a process which issues a SIGSEGV signal is terminated. The only risk to Red Hat users is that the process using poppler may halt.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | poppler | Fix deferred | ||
| Red Hat Enterprise Linux 6 | poppler | Not affected | ||
| Red Hat Enterprise Linux 7 | compat-poppler022 | Not affected | ||
| Red Hat Enterprise Linux 7 | poppler | Not affected | ||
| Red Hat Enterprise Linux 8 | poppler | Not affected | ||
| Red Hat Enterprise Linux 9 | poppler | Not affected |
Показывать по
Дополнительная информация
Статус:
4 Medium
CVSS3
Связанные уязвимости
Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFEVersion) of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated functions in PDFDoc, with deep recursion in the regex executor (std::__detail::_Executor).
Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFEVersion) of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated functions in PDFDoc, with deep recursion in the regex executor (std::__detail::_Executor).
Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption a ...
Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFEVersion) of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated functions in PDFDoc, with deep recursion in the regex executor (std::__detail::_Executor).
Уязвимость библиотеки для отображения PDF-файлов Poppler, связанная с неконтролируемой рекурсией, позволяющая нарушителю вызвать отказ в обслуживании
4 Medium
CVSS3