First published: Tue Aug 22 2023
An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h that leads to denial of service, because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
freedesktop poppler | =22.08.0 | |
debian/poppler | <=0.71.0-5, <=0.71.0-5+deb10u3, <=20.09.0-3.1+deb11u1 | 22.12.0-2 |
ubuntu/poppler | <22.12.0-2 | 22.12.0-2 |
ubuntu/poppler | <0.62.0-2ubuntu2.14+ | 0.62.0-2ubuntu2.14+ |
ubuntu/poppler | <0.86.1-0ubuntu1.4 | 0.86.1-0ubuntu1.4 |
ubuntu/poppler | <22.02.0-2ubuntu0.3 | 22.02.0-2ubuntu0.3 |
ubuntu/poppler | <0.41.0-0ubuntu1.16+ | 0.41.0-0ubuntu1.16+ |
https://gitlab.freedesktop.org/poppler/poppler/-/commit/4564a002bcb6094cc460bc0d5ddff9423fe6dd28
The vulnerability ID for this issue in Poppler 22.08.0 is CVE-2022-38349.
The severity of CVE-2022-38349 is medium, with a CVSS score of 6.5.
CVE-2022-38349 is an issue in Poppler 22.08.0 that involves a reachable assertion in Object.h, leading to denial of service due to a lack of stream check.
CVE-2022-38349 affects Poppler 22.08.0 by introducing a reachable assertion vulnerability that can be exploited to cause denial of service.
Yes, there is a fix available for CVE-2022-38349. You can refer to the provided GitLab commit and issue links for more information.