CVE-2018-21009

Published: 05 September 2019

Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.

Priority

Low

CVSS 3 base score: 8.8

Status

Package Release Status
poppler
Launchpad, Ubuntu, Debian
Upstream
Released (0.69.0-2)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable

Ubuntu 20.10 (Groovy Gorilla) Not vulnerable

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver)
Released (0.62.0-2ubuntu2.11)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (0.41.0-0ubuntu1.15)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a