Vulnerability CVE-2018-13988


Published: 2018-07-25   Modified: 2018-07-26

Description:
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Poppler v0.62.0 Memory Corruption Vulnerability
Hosein Askari
21.07.2018

Type:

CWE-125

(Out-of-bounds Read)

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Redhat -> Ansible tower 
Redhat -> Enterprise linux desktop 
Redhat -> Enterprise linux server 
Redhat -> Enterprise linux workstation 
Redhat -> Openshift container platform 
Freedesktop -> Poppler 
Debian -> Debian linux 
Canonical -> Ubuntu linux 

 References:
http://packetstormsecurity.com/files/148661/PDFunite-0.62.0-Buffer-Overflow.html
https://access.redhat.com/errata/RHBA-2019:0327
https://access.redhat.com/errata/RHSA-2018:3140
https://access.redhat.com/errata/RHSA-2018:3505
https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-13988
https://bugzilla.redhat.com/show_bug.cgi?id=1602838
https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee
https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html
https://usn.ubuntu.com/3757-1/

Copyright 2024, cxsecurity.com

 

Back to Top