CVE-2018-20650

Published: 1 January 2019

A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.

Priority

Low

CVSS 3 base score: 6.5

Status

Package: poppler (Launchpad, Ubuntu, Debian)

Release: Status
bionic: Released (0.62.0-2ubuntu2.6)
cosmic: Released (0.68.0-0ubuntu1.4)
precise: Does not exist
trusty: Does not exist (trusty was released [0.24.5-2ubuntu4.15])
upstream: Needs triage
xenial: Released (0.41.0-0ubuntu1.11)

Patches:
upstream: https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7