First published: Thu Jan 03 2019(Updated: )
A flaw was found in Poppler 0.72.0. The PDFDoc::setup class in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. References: <a href="https://gitlab.freedesktop.org/poppler/poppler/issues/706">https://gitlab.freedesktop.org/poppler/poppler/issues/706</a> Upstream Patch: <a href="https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f">https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f</a>
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
freedesktop poppler | =0.72.0 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Fedoraproject Fedora | =28 | |
Fedoraproject Fedora | =29 | |
Fedoraproject Fedora | =30 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
Canonical Ubuntu Linux | =19.04 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Eus | =8.1 | |
Redhat Enterprise Linux Eus | =8.2 | |
Redhat Enterprise Linux Eus | =8.4 | |
Redhat Enterprise Linux Eus | =8.6 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Server Aus | =8.2 | |
Redhat Enterprise Linux Server Aus | =8.4 | |
Redhat Enterprise Linux Server Aus | =8.6 | |
Redhat Enterprise Linux Server Tus | =8.2 | |
Redhat Enterprise Linux Server Tus | =8.4 | |
Redhat Enterprise Linux Server Tus | =8.6 | |
Redhat Enterprise Linux Workstation | =7.0 | |
debian/poppler | 20.09.0-3.1+deb11u1 22.12.0-2 24.08.0-3 |
https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2018-20662.
The severity of CVE-2018-20662 is medium with a CVSS score of 6.5.
CVE-2018-20662 allows attackers to cause a denial-of-service (application crash) in Poppler 0.72.0.
To fix the CVE-2018-20662 vulnerability, update Poppler to version 0.71.0-5 or later.
You can find more information about CVE-2018-20662 in the references provided: [GitLab commit](https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f), [GitLab issue](https://gitlab.freedesktop.org/poppler/poppler/issues/706), [Fedora mailing list](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/).