First published: Thu May 05 2022(Updated: )
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
=22.03.0 | ||
=36 | ||
=10.0 | ||
=11.0 | ||
freedesktop poppler | =22.03.0 | |
Fedoraproject Fedora | =36 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
debian/poppler | <=0.71.0-5 | 0.71.0-5+deb10u3 20.09.0-3.1+deb11u1 22.12.0-2 |
ubuntu/poppler | <22.02.0-2ubuntu0.2 | 22.02.0-2ubuntu0.2 |
ubuntu/poppler | <0.86.1-0ubuntu1.2 | 0.86.1-0ubuntu1.2 |
https://gitlab.freedesktop.org/poppler/poppler/-/commit/81044c64b9ed9a10ae82a28bac753060bdfdac74
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-27337 is a logic error vulnerability in the Hints::Hints function of Poppler v22.03.0 that can be exploited by attackers to cause a Denial of Service (DoS) through a specially crafted PDF file.
CVE-2022-27337 affects Poppler version 22.03.0.
The severity of CVE-2022-27337 is high with a severity value of 7.
To fix CVE-2022-27337 on Ubuntu, update the poppler package to version 22.02.0-2ubuntu0.2.
To fix CVE-2022-27337 on Debian, update the poppler package to a version between 0.71.0-5+deb10u2 and 0.71.0-5.