First published: Wed Nov 07 2018
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h that will lead to denial of service, because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
freedesktop poppler | =0.71.0 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
debian/poppler | | 20.09.0-3.1+deb11u1, 22.12.0-2, 24.08.0-3 |
https://gitlab.freedesktop.org/poppler/poppler/commit/6912e06d9ab19ba28991b5cab3319d61d856bd6d
CVE-2018-19058 is a vulnerability in Poppler 0.71.0 that can lead to denial of service.
CVE-2018-19058 has a severity of 6.5 (medium).
CVE-2018-19058 affects Poppler 0.71.0 and can lead to denial of service.
CVE-2018-19058 affects Poppler 0.71.0, Ubuntu Linux 14.04, Ubuntu Linux 16.04, Ubuntu Linux 18.04, Ubuntu Linux 18.10, Debian Linux 8.0, Debian Linux 9.0, Debian Linux 10.0, Redhat Enterprise Linux Desktop 7.0, Redhat Enterprise Linux Server 7.0, and Redhat Enterprise Linux Workstation 7.0.
To fix CVE-2018-19058, update to the following versions: Poppler 0.71.0-5+deb10u3, Poppler 20.09.0-3.1+deb11u1, Poppler 22.12.0-2 (for Debian); Poppler 0.41.0-0ubuntu1.9 (for Ubuntu 16.04, xenial); Poppler 0.62.0-2ubuntu2.4 (for Ubuntu 18.04, bionic); Poppler 0.68.0-0ubuntu1.2 (for Ubuntu 18.10, cosmic); Poppler 0.24.5-2ubuntu4.13 (for Ubuntu 14.04, trusty).