CVE-2015-8868 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Poppler
Severity
7.8HIGHNVD
EPSS
1.1%
top 22.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 6
Latest updateMay 14
Description
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages2 packages
Also affects: Debian Linux 8.0, Fedora 23, Ubuntu Linux 12.04, 14.04, 15.10
🔴Vulnerability Details
4GHSA▶
GHSA-x4hh-g34g-m3m8: Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0↗2022-05-14
CVEList▶
CVE-2015-8868: Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0↗2016-05-06
OSV▶
CVE-2015-8868: Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0↗2016-05-06