CVE-2018-20650

Published: Jan 1, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gitlab.freedesktop.org/poppler/poppler/issues/704

x_refsource_MISC

https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7

x_refsource_MISC

106459

vdb-entry

x_refsource_BID

USN-3865-1

vendor-advisory

x_refsource_UBUNTU

RHSA-2019:2022

vendor-advisory

x_refsource_REDHAT

RHSA-2019:2713

vendor-advisory

x_refsource_REDHAT

[debian-lts-announce] 20190930 [SECURITY] [DLA 1939-1] poppler security update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-20650

Description

Affected Products

References