Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2018-20650

Published: 01/01/2019 Updated: 11/02/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Poppler

Vulnerability Summary

A reachable Object::dictLookup assertion in Poppler 0.72.0 allows malicious users to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

freedesktop poppler 0.72.0

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

redhat enterprise linux 8.0

redhat enterprise linux eus 8.1

redhat enterprise linux eus 8.2

redhat enterprise linux server tus 8.2

redhat enterprise linux server aus 8.2

redhat enterprise linux server tus 8.4

redhat enterprise linux eus 8.4

redhat enterprise linux server aus 8.4

redhat enterprise linux server aus 8.6

redhat enterprise linux server tus 8.6

redhat enterprise linux eus 8.6

Vendor Advisories

Debian CVElist Bug Report Logs: poppler: CVE-2018-20650: reachable abort in FileSpec::FileSpec in FileSpec.cc
Debian Bug report logs - #917974 poppler: CVE-2018-20650: reachable abort in FileSpec::FileSpec in FileSpeccc Package: src:poppler; Maintainer for src:poppler is Debian freedesktoporg maintainers <pkg-freedesktop-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, ...
Ubuntu Security Notice: poppler vulnerabilities
Several security issues were fixed in poppler ...
Red Hat: Moderate: poppler security update
Synopsis Moderate: poppler security update Type/Severity Security Advisory: Moderate Topic An update for poppler is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, wh ...
Red Hat: Moderate: poppler security, bug fix, and enhancement update
Synopsis Moderate: poppler security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for poppler, evince, and okular is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vuln ...
Amazon Linux 2: ALAS2-2019-1332
In Poppler 0680, the Parser::getObj() function in Parsercc may cause infinite recursion via a crafted file A remote attacker can leverage this for a DoS attack(CVE-2018-16646) An issue was discovered in Poppler 0710 There is a memory leak in GfxColorSpace::setDisplayProfile in GfxStatecc, as demonstrated by pdftocairo(CVE-2018-18897) An i ...
Amazon Linux AMI: ALAS-2019-1271
XRef::getEntry in XRefcc in Poppler 0720 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRefh is called from Parser::makeStream in Parsercc(CVE-2018-20481) In Poppler 0680, the Parser::getObj() function in Parse ...
Red Hat: CVE-2018-20650
A reachable Object::dictLookup assertion in Poppler 0720 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpeccc) in pdfdetach ...

References

CWE-20https://gitlab.freedesktop.org/poppler/poppler/issues/704https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7http://www.securityfocus.com/bid/106459https://usn.ubuntu.com/3865-1/https://access.redhat.com/errata/RHSA-2019:2022https://access.redhat.com/errata/RHSA-2019:2713https://lists.debian.org/debian-lts-announce/2019/09/msg00033.htmlhttps://lists.debian.org/debian-lts-announce/2020/11/msg00014.htmlhttps://lists.debian.org/debian-lts-announce/2022/09/msg00030.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917974https://usn.ubuntu.com/3865-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook