Published: 02/11/2018 Updated: 01/03/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

An issue exists in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.

Vulnerable Product	Search on Vulmon	Subscribe to Product
freedesktop poppler 0.71.0
debian debian linux 10.0
canonical ubuntu linux 18.04
canonical ubuntu linux 18.10
canonical ubuntu linux 19.04
canonical ubuntu linux 16.04
redhat enterprise linux desktop 7.0
redhat enterprise linux workstation 7.0
redhat enterprise linux server 7.0
redhat enterprise linux 8.0
redhat enterprise linux eus 8.1
redhat enterprise linux eus 8.2
redhat enterprise linux server tus 8.2
redhat enterprise linux server aus 8.2
redhat enterprise linux server tus 8.4
redhat enterprise linux eus 8.4
redhat enterprise linux server aus 8.4
redhat enterprise linux server aus 8.6
redhat enterprise linux server tus 8.6
redhat enterprise linux eus 8.6

Debian Bug report logs - #913164 CVE-2018-18897 Package: src:poppler; Maintainer for src:poppler is Debian freedesktoporg maintainers <pkg-freedesktop-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Wed, 7 Nov 2018 18:51:01 UTC Severity: normal Tags: fixed-upstream, secu ...

Several security issues were fixed in poppler ...

Synopsis Moderate: poppler security update Type/Severity Security Advisory: Moderate Topic An update for poppler is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, wh ...

Synopsis Moderate: poppler security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for poppler, evince, and okular is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vuln ...

In Poppler 0680, the Parser::getObj() function in Parsercc may cause infinite recursion via a crafted file A remote attacker can leverage this for a DoS attack(CVE-2018-16646) An issue was discovered in Poppler 0710 There is a memory leak in GfxColorSpace::setDisplayProfile in GfxStatecc, as demonstrated by pdftocairo(CVE-2018-18897) An i ...

XRef::getEntry in XRefcc in Poppler 0720 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRefh is called from Parser::makeStream in Parsercc(CVE-2018-20481) In Poppler 0680, the Parser::getObj() function in Parse ...

An issue was discovered in Poppler 0710 There is a memory leak in GfxColorSpace::setDisplayProfile in GfxStatecc, as demonstrated by pdftocairo ...

CWE-772 https://gitlab.freedesktop.org/poppler/poppler/issues/654 https://usn.ubuntu.com/4042-1/https://access.redhat.com/errata/RHSA-2019:2022 https://access.redhat.com/errata/RHSA-2019:2713 https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913164 https://usn.ubuntu.com/4042-1/https://nvd.nist.gov

CVE-2018-18897

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect