CVE-2018-10768
Published 2018-05-06
CVE-2018-10768: There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to…
Priority P426 · medium · 6.5 CVSS 3.0
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 2.44% (82.2th percentile)
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | poppler | < poppler 0.38.0-2 (bookworm) | poppler 0.38.0-2 (bookworm) |
| freedesktop | poppler | < 0.41.0 | 0.41.0 |
| freedesktop | poppler | >= 0 < 0.38.0-2 | 0.38.0-2 |
| freedesktop | poppler | >= 0 < 0.38.0-2 | 0.38.0-2 |
| freedesktop | poppler | >= 0 < 0.38.0-2 | 0.38.0-2 |
| freedesktop | poppler | >= 0 < 0.38.0-2 | 0.38.0-2 |
| freedesktop | poppler | >= 0 < 0.24.5-2ubuntu4.11 | 0.24.5-2ubuntu4.11 |
| freedesktop | poppler | >= 0 < 0.41.0-0ubuntu1.7 | 0.41.0-0ubuntu1.7 |
| freedesktop | poppler | >= 0 < 0.62.0-2ubuntu2.1 | 0.62.0-2ubuntu2.1 |
| redhat | ansible_tower | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
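| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | | 6.5 | MEDIUM | |
| vendor_debian | | 6.5 | MEDIUM | |
| vendor_redhat | | 6.5 | MEDIUM | |
| vendor_ubuntu | | 5.5 | MEDIUM | |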
Ubuntu
poppler vulnerabilities
vendor_ubuntu·2018-05-15·CVSS 5.5
CVE-2017-18267 [MEDIUM] poppler vulnerabilities
Title: poppler vulnerabilities
Summary: poppler could be made to crash if it opened a specially crafted PDF.
It was discovered that poppler incorrectly handled certain PDF files.
An attacker could possibly use this to cause a denial of service.
(CVE-2017-18267)
It was discovered that poppler incorrectly handled certain PDF files.
An attacker could possibly use this to cause a denial of service. This
issue only affected Ubuntu 14.04 LTS. (CVE-2018-10768)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF
vendor_redhat·2018-05-05·CVSS 6.5
CVE-2018-10768 [MEDIUM] CWE-476 poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.
Statement: Red Hat Product Security has rated this issue as having low security impact and a future update may address this flaw.
Package: poppler (Red Hat Enterprise Linux 5) - Not affected
Package: poppler (Red Hat Enterprise Linux 6) - Not affected
Package: poppler (Red Hat Enterprise Linux 8) - Not affected
Debian
CVE-2018-10768: poppler - There is a NULL pointer dereference in the AnnotPath::getCoordsLength function i...
vendor_debian·2018·CVSS 6.5
CVE-2018-10768 [MEDIUM] CVE-2018-10768: poppler - There is a NULL pointer dereference in the AnnotPath::getCoordsLength function i...
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.
Scope: local
bookworm: resolved (fixed in 0.38.0-2)
bullseye: resolved (fixed in 0.38.0-2)
forky: resolved (fixed in 0.38.0-2)
sid: resolved (fixed in 0.38.0-2)
trixie: resolved (fixed in 0.38.0-2)
GHSA
GHSA-vj6w-p4m3-pj3w: There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot
ghsa_unreviewed·2022-05-14
CVE-2018-10768 [MEDIUM] CWE-476 GHSA-vj6w-p4m3-pj3w: There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.
OSV
poppler vulnerabilities
osv·2018-05-15·CVSS 5.5
CVE-2017-18267 [MEDIUM] poppler vulnerabilities
It was discovered that poppler incorrectly handled certain PDF files.
An attacker could possibly use this to cause a denial of service.
(CVE-2017-18267)
It was discovered that poppler incorrectly handled certain PDF files.
An attacker could possibly use this to cause a denial of service. This
issue only affected Ubuntu 14.04 LTS. (CVE-2018-10768)
OSV
CVE-2018-10768: There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot
osv·2018-05-06·CVSS 6.5
CVE-2018-10768 [MEDIUM] CVE-2018-10768: There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.
No detection rules found.
No public exploits indexed.
arXiv
V-Fuzz: Vulnerability-Oriented Evolutionary Fuzzing
arxiv_fulltext·2019-01-04
Yuwei Li, Shouling Ji, Chenyang Lv, Yuan Chen, Jianhai Chen, Qinchen Gu, and Chunming Wu
Y. Li, S. Ji, C. Lv, Y. Chen, J. Chen and C. Wu are with the College of Computer Science and Technology, Zhejiang University, China. E-mail: {liyuwei,sji,puppet,chenyuan,chenjh919,wuchunming}@zju.edu.cn
Q. Gu is with the Department of Electrical and Computer Engineering, Georgia Institute of Technology, Atlanta, GA, 30332.
## Abstract
Fuzzing is a technique of finding bugs by executing a software recurrently with a large number of abnormal inputs.
Most of the existing fuzzers consider all parts of a software equally,
and pay too much attention on how to improve the code coverage.
It is inefficient as the vulnerable code
Bugzilla
CVE-2018-10768 poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF
bugzilla·2018-05-09·CVSS 6.5
CVE-2018-10768 [MEDIUM] CVE-2018-10768 poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF
Poppler is vulnerable to a NULL pointer dereference in the Annot.h:AnnotPath::getCoordsLength() function. An attacker could exploit this to cause a denial of service via crafted PDF.
Upstream Bug:
https://bugs.freedesktop.org/show_bug.cgi?id=106408
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:3140 https://access.redhat.com/errata/RHSA-2018:3140
---
Statement:
Red Hat Product Security has rated this issue as having low security impact and a future update may address this flaw.
https://access.redhat.com/errata/RHBA-2019:0327
https://access.redhat.com/errata/RHSA-2018:3140
https://access.redhat.com/errata/RHSA-2018:3505
https://bugs.freedesktop.org/show_bug.cgi?id=106408
https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html
https://usn.ubuntu.com/3647-1/
Published: 2018-05-06