First published: Mon Jul 31 2023(Updated: )
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
freedesktop poppler | <23.06.0 | |
<23.06.0 | ||
ubuntu/poppler | <23.06.0 | 23.06.0 |
ubuntu/poppler | <22.02.0-2ubuntu0.2 | 22.02.0-2ubuntu0.2 |
ubuntu/poppler | <22.12.0-2ubuntu1.1 | 22.12.0-2ubuntu1.1 |
ubuntu/poppler | <22.12.0-2ubuntu2 | 22.12.0-2ubuntu2 |
debian/poppler | <=22.12.0-2 | 0.71.0-5 0.71.0-5+deb10u3 20.09.0-3.1+deb11u1 |
https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-34872 is a vulnerability in Outline.cc for Poppler prior to 23.06.0 that allows a remote attacker to cause a Denial of Service (DoS) via a crafted PDF file in OutlineItem::open.
CVE-2023-34872 has a severity rating of medium (5.5) and can cause a Denial of Service (DoS) (crash) in the affected software.
Poppler versions prior to 23.06.0 are affected by CVE-2023-34872.
To fix CVE-2023-34872, update Poppler to version 23.06.0 or later.
More information about CVE-2023-34872 can be found at the following references: [Link 1](https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe), [Link 2](https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399), [Link 3](https://launchpad.net/bugs/cve/CVE-2023-34872).