PT-2019-5747 · Poppler+4

Published: 2019-09-05 · Updated: 2023-07-20 · CVE-2018-21009

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Poppler versions prior to 0.66.0

Description

The issue is related to an integer overflow in the Parser::makeStream function in Parser.cc. This can potentially allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.

Recommendations

For versions prior to 0.66.0, update to version 0.66.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Parser::makeStream function until a patch is available.

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

BDU:2021-01306
CESA-2020_1074
CVE-2018-21009
DLA-1939-1
DLA-2287-1
RHSA-2020:1074
RHSA-2020_1074
SUSE-SU-2023:2838-1
SUSE-SU-2023:2906-1
SUSE-SU-2023:2907-1
USN-4646-1
USN-4646-2

Affected Products

CentOS
Poppler
Red Hat
SUSE
Ubuntu