Описание
Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in versions Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a std::vector, which can lead to dangling pointers when the vector is resized. The vulnerability stems from the way that refToParentMap stores references to std::vector elements using raw pointers. These pointers may become invalid when the vector is resized. This vulnerability is a common security problem involving the use of raw pointers to std::vectors. Internally, std::vector stores its elements in a dynamically allocated array. When the array reaches its capacity and a new element is added, the vector reallocates a larger block of memory and moves all the existing elements to the new location. At this point if any pointers to elements are stored before a resize occurs, they become dangling pointers once the reallocation happens. Version 25.10.0 contains a patch for the issue.
A use-after-free vulnerability has been identified in Poppler’s StructTreeRoot class when processing specially crafted PDF documents. An attacker could exploit this flaw by persuading a user to open a malicious PDF file, or by placing such a file on a share that is later previewed, causing the application to reference freed memory. This can lead to unexpected behavior in the context of the application handling the PDF.
Отчет
This flaw has been rated Moderate impact by Red Hat Product Security. Exploitation requires a local user to open a maliciously crafted PDF file. Successful attacks could majorly lead to the application to crash. Because user interaction and local access are required, the likelihood of exploitation in typical environments is considered Moderate to Low.
Меры по смягчению последствий
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability beyond the update recommendation.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | poppler | Fix deferred | ||
| Red Hat Enterprise Linux 6 | poppler | Out of support scope | ||
| Red Hat Enterprise Linux 7 | compat-poppler022 | Out of support scope | ||
| Red Hat Enterprise Linux 7 | poppler | Out of support scope | ||
| Red Hat Enterprise Linux 8 | poppler | Out of support scope | ||
| Red Hat Enterprise Linux 9 | poppler | Fix deferred |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
6.6 Medium
CVSS3
Связанные уязвимости
Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in versions Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a `std::vector`, which can lead to dangling pointers when the vector is resized. The vulnerability stems from the way that refToParentMap stores references to `std::vector` elements using raw pointers. These pointers may become invalid when the vector is resized. This vulnerability is a common security problem involving the use of raw pointers to `std::vectors`. Internally, `std::vector `stores its elements in a dynamically allocated array. When the array reaches its capacity and a new element is added, the vector reallocates a larger block of memory and moves all the existing elements to the new location. At this point if any pointers to elements are stored before a resize occurs, they become dangling pointer...
Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in versions Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a `std::vector`, which can lead to dangling pointers when the vector is resized. The vulnerability stems from the way that refToParentMap stores references to `std::vector` elements using raw pointers. These pointers may become invalid when the vector is resized. This vulnerability is a common security problem involving the use of raw pointers to `std::vectors`. Internally, `std::vector `stores its elements in a dynamically allocated array. When the array reaches its capacity and a new element is added, the vector reallocates a larger block of memory and moves all the existing elements to the new location. At this point if any pointers to elements are stored before a resize occurs, they become dangling pointers o
Poppler ia a library for rendering PDF files, and examining or modifyi ...
Уязвимость библиотеки для отображения PDF-файлов Poppler, связанная с использованием памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
6.6 Medium
CVSS3