cbcvebase.
CVE-2015-8868
published 2016-05-06

CVE-2015-8868: Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of…

PriorityP340high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EPSS
4.56%
90.4th percentile
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.

Affected

12 ranges
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debiandebian_linux
debianpoppler< poppler 0.38.0-3 (bookworm)poppler 0.38.0-3 (bookworm)
fedoraprojectfedora
freedesktoppoppler
freedesktoppoppler>= 0 < 0.38.0-30.38.0-3
freedesktoppoppler>= 0 < 0.38.0-30.38.0-3
freedesktoppoppler>= 0 < 0.38.0-30.38.0-3
freedesktoppoppler>= 0 < 0.38.0-30.38.0-3
freedesktoppoppler>= 0 < 0.24.5-2ubuntu4.40.24.5-2ubuntu4.4

CVSS provenance

nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv7.8HIGH
vendor_debian7.8HIGH
vendor_redhat7.8HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.