CVE-2018-19149

Published: 10 November 2018

Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.

Priority

CVSS 3 base score: 6.5

Status

Package	Release	Status
poppler Launchpad, Ubuntu, Debian	bionic	Released (0.62.0-2ubuntu2.3)
	cosmic	Released (0.68.0-0ubuntu1.1)
	precise	Does not exist
	trusty	Does not exist (trusty was released [0.24.5-2ubuntu4.13])
	upstream	Needs triage
	xenial	Released (0.41.0-0ubuntu1.9)

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.