PT-2023-5245 · Poppler +5
Published: 2023-08-22 · Updated: 2025-04-28
CVE-2022-38349
7.8 High
Base vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions:
Poppler version 22.08.0
Description:
The issue is a reachable assertion in Object.h that can lead to denial of service. It occurs because the `PDFDoc::replacePageDict` function in PDFDoc.cc lacks a stream check before saving an embedded file. A remote attacker can exploit the vulnerability to cause a denial of service.
Recommendations:
For Poppler version 22.08.0, consider disabling the `PDFDoc::replacePageDict` function until a patch is available to prevent potential denial of service attacks.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Assertion Failure
References · 83
- 🔥 https://gitlab.freedesktop.org/poppler/poppler/-/issues/1282 · Exploit
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32365 · Security Note
- https://osv.dev/vulnerability/USN-6508-1 · Vendor Advisory
- https://osv.dev/vulnerability/SUSE-SU-2023:3947-1 · Vendor Advisory
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32364 · Security Note
- https://bdu.fstec.ru/vul/2023-07624 · Security Note
- https://ubuntu.com/security/CVE-2022-37050 · Vendor Advisory
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56378 · Security Note
- https://bdu.fstec.ru/vul/2023-06640 · Security Note
- https://ubuntu.com/security/CVE-2020-23804 · Vendor Advisory
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38349 · Security Note
- https://security-tracker.debian.org/tracker/DLA-4141-1 · Vendor Advisory
- https://osv.dev/vulnerability/SUSE-SU-2023:3983-1 · Vendor Advisory
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37052 · Security Note
- https://osv.dev/vulnerability/SUSE-SU-2023:3982-1 · Vendor Advisory