PT-2023-5242 · Poppler+6 · Poppler+6

Published: 2023-08-22 · Updated: 2025-07-02 · CVE-2022-37050

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Poppler version 22.07.0

Description

The issue is related to the handling of the xref data structure in getCatalog processing and can be triggered by a crafted PDF file. It causes a denial of service: the application crashes with SIGABRT. The vulnerability is the result of an incomplete patch.

Recommendations

For Poppler version 22.07.0, consider applying a patch or fix that properly handles the xref data structure in getCatalog processing to prevent denial-of-service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Improper Resource Release

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2023-05858
CVE-2022-37050
DLA-3620-1
DLA-4141-1
OESA-2023-1561
OESA-2023-1611
OESA-2023-1612
OESA-2023-1613
OPENSUSE-SU-2023_3947-1
OPENSUSE-SU-2023_3983-1
OPENSUSE-SU-2023_3998-1
SUSE-SU-2023:3947-1
SUSE-SU-2023:3981-1
SUSE-SU-2023:3982-1
SUSE-SU-2023:3983-1
SUSE-SU-2023:3998-1
SUSE-SU-2023_3947-1
USN-6508-1
USN-6508-2

Affected Products

Astra Linux
Debian
Linux Mint
Poppler
RED OS
SUSE
Ubuntu