CVE-2018-13988
Published: 25 July 2018
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
poppler Launchpad, Ubuntu, Debian |
bionic |
Released
(0.62.0-2ubuntu2.2)
|
| trusty |
Released
(0.24.5-2ubuntu4.12)
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(0.41.0-0ubuntu1.8)
|
|
|
Patches: other: https://cgit.freedesktop.org/poppler/poppler/patch/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |