First published: Sat Nov 10 2018(Updated: )
An issue was found in Poppler before 0.70.0. A NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. References: <a href="https://gitlab.freedesktop.org/poppler/poppler/issues/664">https://gitlab.freedesktop.org/poppler/poppler/issues/664</a>
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
freedesktop poppler | <0.70.0 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
debian/poppler | 20.09.0-3.1+deb11u1 22.12.0-2 24.08.0-3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-19149 is a vulnerability in Poppler before 0.70.0 that allows for a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
CVE-2018-19149 has a severity rating of 6.5, which is considered medium.
To fix CVE-2018-19149, update to Poppler version 0.71.0-5 or later.
You can find more information about CVE-2018-19149 on the GitLab page for Poppler, the SecurityFocus website, and the Ubuntu Security Notice 3837-1.
The Common Weakness Enumeration (CWE) for CVE-2018-19149 is CWE-476, which is a vulnerability related to NULL Pointer Dereference.