First published: Tue Aug 22 2023
A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
freedesktop poppler | =22.07.0 | |
debian/poppler | <=0.71.0-5, <=0.71.0-5+deb10u3, <=20.09.0-3.1+deb11u1 | 22.12.0-2 |
ubuntu/poppler | <22.08.0-2 | 22.08.0-2 |
ubuntu/poppler | <0.62.0-2ubuntu2.14+ | 0.62.0-2ubuntu2.14+ |
ubuntu/poppler | <0.86.1-0ubuntu1.4 | 0.86.1-0ubuntu1.4 |
ubuntu/poppler | <22.02.0-2ubuntu0.3 | 22.02.0-2ubuntu0.3 |
ubuntu/poppler | <0.41.0-0ubuntu1.16+ | 0.41.0-0ubuntu1.16+ |
https://gitlab.freedesktop.org/poppler/poppler/-/commit/8677500399fc2548fa816b619580c2c07915a98c
The vulnerability ID for this issue is CVE-2022-37052.
The severity of CVE-2022-37052 is medium.
The affected software is Poppler version 22.07.0.
Attackers can exploit CVE-2022-37052 to cause a denial of service.
Yes, a fix is available for CVE-2022-37052. It is recommended to update to the latest version of Poppler.