PT-2018-2760 · Poppler+4 · Poppler+4

Skysider

·

Publicado

2018-12-28

·

Atualizado

2021-12-01

·

CVE-2018-20551

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Poppler version 0.72.0
Description The issue is related to insufficient input validation in the Poppler library, which can lead to a denial of service. Specifically, it involves the construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. This can cause a reachable Object::getString assertion, allowing attackers to exploit the issue.
Recommendations For Poppler version 0.72.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

BDU:2019-01747
CESA-2019_2713
CVE-2018-20551
MGASA-2019-0092
OPENSUSE-SU-2021:3854-1
OPENSUSE-SU-2021_3854-1
RHSA-2019:2713
RHSA-2019_2713
SUSE-SU-2021:3854-1
USN-3886-1

Produtos afetados

Centos
Poppler
Red Hat
Suse
Ubuntu