Back to search
CVE-2018-20481
Published: Dec 26, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://gitlab.freedesktop.org/poppler/poppler/issues/692
x_refsource_MISC
USN-3865-1
vendor-advisory
x_refsource_UBUNTU
[debian-lts-announce] 20190308 [SECURITY] [DLA 1706-1] poppler security update
mailing-list
x_refsource_MLIST
106321
vdb-entry
x_refsource_BID
RHSA-2019:2022
vendor-advisory
x_refsource_REDHAT
RHSA-2019:2713
vendor-advisory
x_refsource_REDHAT
[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now