Published: 25/07/2018 Updated: 25/04/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Poppler up to and including 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
freedesktop poppler
canonical ubuntu linux 18.04
canonical ubuntu linux 16.04
canonical ubuntu linux 14.04
debian debian linux 8.0
redhat ansible tower 3.3.0
redhat enterprise linux server 7.0
redhat openshift container platform 3.11
redhat enterprise linux desktop 7.0
redhat enterprise linux workstation 7.0

Debian Bug report logs - #904922 poppler: CVE-2018-13988: out-of-bounds read flaw Package: src:poppler; Maintainer for src:poppler is Debian freedesktoporg maintainers <pkg-freedesktop-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 29 Jul 2018 14:54:01 UTC Seve ...

poppler could be made to crash if it received specially crafted PDF file ...

Synopsis Moderate: GNOME security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) ba ...

Synopsis Critical: Red Hat Ansible Tower 331-2 Release - Container Image Type/Severity Security Advisory: Critical Topic Security Advisory Description Red Hat Ansible Tower 331 is now available and contains the following bug fixes: Fixed event callback error when in-line vaulted variabl ...

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annoth A crafted input will lead to a remote denial of service attack Poppler versions later than 0410 are not affected(CVE-2018-10768) The FoFiType1C::cvtGlyph function in fofi/FoFiType1Ccc in Poppler allows remote attackers to cause a denial of service (infin ...

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annoth A crafted input will lead to a remote denial of service attack(CVE-2018-10768) The FoFiType1C::cvtGlyph function in fofi/FoFiType1Ccc in Poppler allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrate ...

Poppler through 062 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite This can result in memory corruption and denial of service This may be exploitable when a victim opens a specially crafted PDF file ...

CWE-125 http://packetstormsecurity.com/files/148661/PDFunite-0.62.0-Buffer-Overflow.html https://bugzilla.redhat.com/show_bug.cgi?id=1602838 https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-13988 https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee https://usn.ubuntu.com/3757-1/https://access.redhat.com/errata/RHSA-2018:3140 https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html https://access.redhat.com/errata/RHSA-2018:3505 https://access.redhat.com/errata/RHBA-2019:0327 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904922 https://usn.ubuntu.com/3757-1/https://nvd.nist.gov

CVE-2018-13988

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect