Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2018-13988 from the MITRE CVE dictionary dictionary and NIST NVD.
Red Hat Product Security has rated this issue as having a security impact of Low, and a future update may address this flaw.
| CVSS3 Base Score | 5.3 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity Impact | None |
| Availability Impact | Low |
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 7 (poppler) | RHSA-2018:3140 | 2018-10-30 |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | poppler | Will not fix |
| Red Hat Enterprise Linux 5 | poppler | Will not fix |
Vulmon