
CVE-2018-20481

Published: 25 December 2018

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package: poppler (Launchpad, Ubuntu, Debian)

Release   Status
bionic    Released (0.62.0-2ubuntu2.6)
cosmic    Released (0.68.0-0ubuntu1.4)
precise   Does not exist
trusty    Does not exist (trusty was released [0.24.5-2ubuntu4.15])
upstream  Needs triage
xenial    Released (0.41.0-0ubuntu1.11)

Patches:
upstream: https://gitlab.freedesktop.org/poppler/poppler/commit/39a251b1b3a3343400a08e2f03c5518a26624626