PT-2018-3821 · Poppler+4 · Poppler+4

Publicado

2018-05-05

Atualizado

2020-06-16

CVE-2018-10768

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Poppler version 0.24.5

Description The issue is related to a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h. This can be exploited by a crafted input, leading to a remote denial of service attack. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For Poppler version 0.24.5, consider updating to a later version such as Poppler 0.41.0, which is not affected by this issue. As a temporary workaround, consider restricting the use of the AnnotPath::getCoordsLength function in Annot.h to minimize the risk of exploitation.

Exploit

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

BDU:2022-05816

CESA-2018_3140

CVE-2018-10768

DLA-1562-1

MGASA-2018-0290

RHSA-2018:3140

RHSA-2018_3140

SUSE-SU-2020:1626-1

SUSE-SU-2020_1626-1

USN-3647-1

Produtos afetados

Centos

Poppler

Red Hat

Suse

Ubuntu

PT-2018-3821 · Poppler+4 · Poppler+4

CVE-2018-10768

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 697