CVE-2018-10768 — NULL Pointer Dereference in Poppler

CWE-476 — NULL Pointer Dereference9 documents8 sources

Severity

6.5MEDIUMNVD

OSV5.5

EPSS

1.9%

top 16.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freedesktop Poppler Canonical Ubuntu Linux Debian Linux +4 more

Timeline

PublishedMay 6

Latest updateMay 14

Description

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages7 packages

▶NVDfreedesktop/poppler< 0.41.0

▶Debianfreedesktop/poppler< 0.38.0-2+3

▶Ubuntufreedesktop/poppler< 0.24.5-2ubuntu4.11+2

▶NVDredhat/ansible_tower3.3

▶NVDredhat/enterprise_linux_server7.0

Also affects: Ubuntu Linux 14.04, Debian Linux 8.0

Patches

Patch: bugs.freedesktop.org ↗Patch: bugs.freedesktop.org ↗

🔴Vulnerability Details

GHSA

GHSA-vj6w-p4m3-pj3w: There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot↗2022-05-14

▶

OSV

poppler vulnerabilities↗2018-05-15

▶

CVEList

CVE-2018-10768: There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot↗2018-05-06

▶

OSV

CVE-2018-10768: There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot↗2018-05-06

▶

📋Vendor Advisories

Ubuntu

poppler vulnerabilities↗2018-05-15

▶

Red Hat

poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF↗2018-05-05

▶

Debian

CVE-2018-10768: poppler - There is a NULL pointer dereference in the AnnotPath::getCoordsLength function i...↗2018

▶

💬Community

Bugzilla

CVE-2018-10768 poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF↗2018-05-09

▶