CVE-2018-18897
First published: Fri Nov 02 2018(Updated: )
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/poppler | 20.09.0-3.1+deb11u1 22.12.0-2 25.01.0-4 | |
| Poppler Utilities | =0.71.0 | |
| Debian | =10.0 | |
| Ubuntu Linux | =16.04 | |
| Ubuntu Linux | =18.04 | |
| Ubuntu Linux | =18.10 | |
| Ubuntu Linux | =19.04 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux Server EUS | =8.1 | |
| Red Hat Enterprise Linux Server EUS | =8.2 | |
| Red Hat Enterprise Linux Server EUS | =8.4 | |
| Red Hat Enterprise Linux Server EUS | =8.6 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =8.2 | |
| Red Hat Enterprise Linux Server | =8.4 | |
| Red Hat Enterprise Linux Server | =8.6 | |
| Red Hat Enterprise Linux Server | =8.2 | |
| Red Hat Enterprise Linux Server | =8.4 | |
| Red Hat Enterprise Linux Server | =8.6 | |
| Red Hat Enterprise Linux Workstation | =7.0 | |
| Poppler | =0.71.0 |
Remedy
https://gitlab.freedesktop.org/poppler/poppler/commit/e07c8b4784234383cb5ddcf1133ea91a772506e2
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2019:2022
- https://access.redhat.com/errata/RHSA-2019:2713
- https://gitlab.freedesktop.org/poppler/poppler/issues/654
- https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html
- https://usn.ubuntu.com/4042-1/
- https://launchpad.net/bugs/cve/CVE-2018-18897
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1646550
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1646549
- https://access.redhat.com/support/policy/updates/errata/
- https://access.redhat.com/security/cve/cve-2018-18897
- https://bugzilla.redhat.com/show_bug.cgi?id=1646546
- https://gitlab.freedesktop.org/poppler/poppler/commit/e07c8b4784234383cb5ddcf1133ea91a772506e2
- https://security-tracker.debian.org/tracker/CVE-2018-18897
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18897
- https://nvd.nist.gov/vuln/detail/CVE-2018-18897
- https://ubuntu.com/security/CVE-2018-18897
Frequently Asked Questions
What is CVE-2018-18897?
CVE-2018-18897 is a vulnerability in Poppler 0.71.0 that causes a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc.
How severe is CVE-2018-18897?
CVE-2018-18897 has a severity rating of 6.5 (Medium).
Which software versions are affected by CVE-2018-18897?
Poppler 0.71.0, Debian Linux 10.0, Ubuntu Linux 16.04, Ubuntu Linux 18.04, Ubuntu Linux 18.10, Ubuntu Linux 19.04, Redhat Enterprise Linux 8.0, Redhat Enterprise Linux Desktop 7.0, Redhat Enterprise Linux Eus 8.1, Redhat Enterprise Linux Eus 8.2, Redhat Enterprise Linux Eus 8.4, Redhat Enterprise Linux Eus 8.6, Redhat Enterprise Linux Server 7.0, Redhat Enterprise Linux Server Aus 8.2, Redhat Enterprise Linux Server Aus 8.4, Redhat Enterprise Linux Server Aus 8.6, Redhat Enterprise Linux Server Tus 8.2, Redhat Enterprise Linux Server Tus 8.4, Redhat Enterprise Linux Server Tus 8.6, Redhat Enterprise Linux Workstation 7.0.
What is the remedy for CVE-2018-18897?
The remedy for CVE-2018-18897 is to update to version 0.62.0-2ubuntu2.9 (Ubuntu), version 0.68.0-0ubuntu1.7 (Ubuntu), version 0.41.0-0ubuntu1.14 (Ubuntu), version 0.71.0-5+deb10u3, 20.09.0-3.1+deb11u1, or 22.12.0-2 (Debian), or apply the necessary patches.
Where can I find more information about CVE-2018-18897?
You can find more information about CVE-2018-18897 at the following references: [Reference 1](https://gitlab.freedesktop.org/poppler/poppler/issues/654), [Reference 2](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1646550), [Reference 3](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1646549).
- agent/type
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-18897
- agent/severity
- agent/remedy
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/trending
- agent/source
- agent/author
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- package-manager/debian
- vendor/freedesktop
- canonical/poppler utilities
- version/poppler utilities/0.71.0
- vendor/debian
- canonical/debian
- version/debian/10.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/16.04
- version/ubuntu linux/18.04
- version/ubuntu linux/18.10
- version/ubuntu linux/19.04
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/8.0
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/7.0
- canonical/red hat enterprise linux server eus
- version/red hat enterprise linux server eus/8.1
- version/red hat enterprise linux server eus/8.2
- version/red hat enterprise linux server eus/8.4
- version/red hat enterprise linux server eus/8.6
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/8.2
- version/red hat enterprise linux server/8.4
- version/red hat enterprise linux server/8.6
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/7.0
- canonical/poppler
- version/poppler/0.71.0