CVE-2024-6239: Poppler: pdfinfo: crash in broken documents when using -dests parameter
First published: Fri Jun 21 2024(Updated: )
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/poppler | <=20.09.0-3.1+deb11u1<=22.12.0-2<=24.08.0-2 | |
| redhat/poppler | <24.06.0 | 24.06.0 |
| Poppler Utilities | <24.06.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2293594
- https://access.redhat.com/security/cve/CVE-2024-6239
- https://launchpad.net/bugs/cve/CVE-2024-6239
- https://gitlab.freedesktop.org/poppler/poppler/-/issues/1489
- https://gitlab.freedesktop.org/poppler/poppler/-/commit/0554731052d1a97745cb179ab0d45620589dd9c4
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2293595
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2293596
- https://access.redhat.com/errata/RHSA-2024:5305
- https://security-tracker.debian.org/tracker/CVE-2024-6239
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6239
- https://nvd.nist.gov/vuln/detail/CVE-2024-6239
- https://ubuntu.com/security/CVE-2024-6239
- https://access.redhat.com/errata/RHSA-2024:9167
Frequently Asked Questions
What is the severity of CVE-2024-6239?
CVE-2024-6239 has been assessed as a denial of service vulnerability due to a flaw in the Pdfinfo utility of Poppler.
How do I fix CVE-2024-6239?
To address CVE-2024-6239, update Poppler to version 24.06.0 or later if you are using Red Hat, and for other distributions, ensure your version is updated beyond the vulnerable versions.
Which software is affected by CVE-2024-6239?
CVE-2024-6239 affects various versions of the Poppler utility, especially those prior to 24.06.0.
Can CVE-2024-6239 be exploited remotely?
CVE-2024-6239 can potentially be exploited by attackers who can provide malformed input files to the Pdfinfo utility.
What are the potential impacts of CVE-2024-6239?
The exploitation of CVE-2024-6239 can lead to application crashes, resulting in a denial of service condition.
- agent/weakness
- agent/title
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- agent/event
- agent/description
- agent/severity
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-6239
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-api
- package-manager/debian
- package-manager/redhat
- vendor/freedesktop
- canonical/poppler utilities
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/7.0
- version/red hat enterprise linux/8.0
- version/red hat enterprise linux/9.0