CVE-2018-19060

Published: 07 November 2018

An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h that will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating the filename of an embedded file before constructing a save path.

Priority

Low

CVSS 3 base score: 6.5

Status

Package: poppler (Launchpad, Ubuntu, Debian)

Release status:
  Upstream: Needs triage
  Ubuntu 18.04 LTS (Bionic Beaver): Released (0.62.0-2ubuntu2.4)
  Ubuntu 16.04 ESM (Xenial Xerus): Released (0.41.0-0ubuntu1.9)
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was released [0.24.5-2ubuntu4.13])

Patches:
Upstream: https://gitlab.freedesktop.org/poppler/poppler/commit/d2f5d424ba8752f9a9e9dad410546ec1b46caa0a