CVE-2018-13988 — Out-of-bounds Read in Poppler

CWE-125 — Out-of-bounds Read10 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

0.6%

top 29.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freedesktop Poppler Canonical Ubuntu Linux Debian Linux +5 more

Timeline

PublishedJul 25

Latest updateMay 14

Description

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶Debianfreedesktop/poppler< 0.69.0-2+3

▶NVDfreedesktop/poppler0.62.0

▶NVDredhat/ansible_tower3.3.0

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

Also affects: Openshift Container Platform 3.11, Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 18.04

Patches

Patch: cgit.freedesktop.org ↗Patch: cgit.freedesktop.org ↗

🔴Vulnerability Details

GHSA

GHSA-hj59-vghc-34x7: Poppler through 0↗2022-05-14

▶

CVEList

CVE-2018-13988: Poppler through 0↗2018-07-25

▶

OSV

CVE-2018-13988: Poppler through 0↗2018-07-25

▶

📋Vendor Advisories

Ubuntu

poppler vulnerability↗2018-08-29

▶

Red Hat

poppler: out of bounds read in pdfunite↗2018-07-23

▶

Debian

CVE-2018-13988: poppler - Poppler through 0.62 contains an out of bounds read vulnerability due to an inco...↗2018

▶

💬Community

Bugzilla

CVE-2018-13988 mingw-poppler: poppler: buffer overflow in pdfunite [fedora-all]↗2018-07-23

▶

Bugzilla

CVE-2018-13988 poppler: buffer overflow in pdfunite [fedora-all]↗2018-07-23

▶

Bugzilla

CVE-2018-13988 poppler: out of bounds read in pdfunite↗2018-07-18

▶