First published: Tue Aug 22 2023
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.cc allows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/poppler | <0.41.0-0ubuntu1.16+ | 0.41.0-0ubuntu1.16+ |
ubuntu/poppler | <0.62.0-2ubuntu2.14+ | 0.62.0-2ubuntu2.14+ |
ubuntu/poppler | <0.86.1-0ubuntu1.4 | 0.86.1-0ubuntu1.4 |
ubuntu/poppler | <22.02.0-2ubuntu0.3 | 22.02.0-2ubuntu0.3 |
ubuntu/poppler | <22.08.0-2 | 22.08.0-2 |
freedesktop poppler | =22.07.0 | |
Debian Debian Linux | =10.0 | |
debian/poppler | <=0.71.0-5, <=20.09.0-3.1+deb11u1 | 0.71.0-5+deb10u3, 22.12.0-2 |
https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990
CVE-2022-37050 is a vulnerability in the Poppler software library that allows attackers to cause a denial-of-service by crafting a malicious PDF file.
CVE-2022-37050 has a severity rating of medium with a CVSS score of 6.5.
CVE-2022-37050 affects Poppler version 22.07.0.
To fix CVE-2022-37050, users should update to a patched version of Poppler, such as a version later than 22.07.0.
More information about CVE-2022-37050 can be found in the references provided: [Reference 1](https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990), [Reference 2](https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274)