CVE-2018-19058 — Always-Incorrect Control Flow Implementation in Poppler

CWE-670 — Always-Incorrect Control Flow Implementation CWE-400 — Uncontrolled Resource Consumption11 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 48.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freedesktop Poppler Canonical Ubuntu Linux Debian Linux +3 more

Timeline

PublishedNov 7

Latest updateMay 13

Description

An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶Debianfreedesktop/poppler< 0.85.0-2+3

▶Ubuntufreedesktop/poppler< 0.24.5-2ubuntu4.13+2

▶NVDfreedesktop/poppler0.71.0

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

Also affects: Debian Linux 10.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10

🔴Vulnerability Details

GHSA

GHSA-whvc-fhwp-5x6h: An issue was discovered in Poppler 0↗2022-05-13

▶

OSV

poppler vulnerabilities↗2018-12-04

▶

CVEList

CVE-2018-19058: An issue was discovered in Poppler 0↗2018-11-07

▶

OSV

CVE-2018-19058: An issue was discovered in Poppler 0↗2018-11-07

▶

📋Vendor Advisories

Ubuntu

poppler vulnerabilities↗2018-12-04

▶

Red Hat

poppler: reachable abort in Object.h↗2018-11-06

▶

Debian

CVE-2018-19058: poppler - An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object....↗2018

▶

💬Community

Bugzilla

CVE-2018-19058 mingw-poppler: poppler: reachable abort in Object.h [fedora-all]↗2018-11-13

▶

Bugzilla

CVE-2018-19058 poppler: reachable abort in Object.h↗2018-11-13

▶

Bugzilla

CVE-2018-19058 poppler: reachable abort in Object.h [fedora-all]↗2018-11-13

▶