CVE-2018-19149
Published: 2018-11-10
Priority: P4 · 25 · Severity: medium · CVSS 3.0: 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
EPSS: 2.74% (84.3rd percentile)
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
Both functions belong to the poppler-glib API, so the crash is reachable from any glib-based consumer that asks for the attachment of a file-attachment annotation in an attacker-supplied PDF. The vector records user interaction (the file has to be opened) and an availability-only impact: the process dies on the NULL dereference, and no source on this page claims confidentiality or integrity loss.
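The call path named in the description, modelled as an added example. This is not poppler's code and not the upstream patch (that is the commit linked in the Bugzilla section below); every type and function name here is an illustrative stand-in for the poppler-glib annotation, file-specification and attachment objects. The unchecked constructor reproduces the CWE-476 shape, and the checked constructor plus accessor show the general defensive pattern for this bug class: validate before dereferencing and give callers a NULL-return contract instead of a crash.

```c
/* Added example: model of the CVE-2018-19149 call path and of the defensive
 * pattern that closes CWE-476. NOT poppler's code; all names are stand-ins. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Embedded file carried by a /FileAttachment annotation's file specification. */
typedef struct {
    const char *name;          /* file name from the spec */
    const unsigned char *data; /* bytes of the embedded stream */
    size_t size;
} EmbeddedFile;

/* The annotation as the glib layer sees it. A crafted PDF can supply a
 * /FileAttachment annotation whose file spec has no usable embedded file;
 * this model represents that as embedded == NULL. */
typedef struct {
    const char *description;
    const EmbeddedFile *embedded;
} FileAttachmentAnnot;

/* The object handed back to the application (stand-in for PopplerAttachment). */
typedef struct {
    char *name;
    size_t size;
} Attachment;

/* Vulnerable shape: the constructor assumes its argument is valid and
 * dereferences it unconditionally. With a NULL file spec the process dies
 * with SIGSEGV, which is the entire impact of the CVE (A:H, no C/I).
 * Kept only to show the bug shape; never call it on untrusted input. */
Attachment *attachment_new_unchecked(const EmbeddedFile *ef)
{
    Attachment *a = calloc(1, sizeof *a);
    if (a == NULL) return NULL;
    a->name = strdup(ef->name); /* NULL pointer dereference when ef == NULL */
    a->size = ef->size;
    return a;
}

/* Hardened shape: validate before dereferencing and turn "no attachment"
 * into a NULL return that the caller is obliged to check. */
Attachment *attachment_new_checked(const EmbeddedFile *ef)
{
    if (ef == NULL || ef->name == NULL) return NULL;
    Attachment *a = calloc(1, sizeof *a);
    if (a == NULL) return NULL;
    a->name = strdup(ef->name);
    if (a->name == NULL) { free(a); return NULL; }
    a->size = ef->size;
    return a;
}

/* Accessor in the role of poppler_annot_file_attachment_get_attachment:
 * returns NULL rather than crashing when the PDF supplied no usable file. */
Attachment *annot_get_attachment(const FileAttachmentAnnot *annot)
{
    if (annot == NULL) return NULL;
    return attachment_new_checked(annot->embedded);
}

void attachment_free(Attachment *a)
{
    if (a == NULL) return;
    free(a->name);
    free(a);
}

/* Caller-side helper: size of the attachment, or -1 when there is none.
 * Every consumer of the accessor has to make exactly this NULL check. */
long attachment_size(const FileAttachmentAnnot *annot)
{
    Attachment *a = annot_get_attachment(annot);
    if (a == NULL) return -1;
    long n = (long)a->size;
    attachment_free(a);
    return n;
}

/* Constructed inputs standing in for two PDFs: one with a well-formed
 * attachment annotation, one whose file spec carries no embedded file. */
static const unsigned char sample_bytes[] = "hello";
const EmbeddedFile sample_file = { "notes.txt", sample_bytes, 5 };
const FileAttachmentAnnot good_annot = { "well-formed", &sample_file };
const FileAttachmentAnnot broken_annot = { "crafted, no embedded file", NULL };

int main(void)
{
    printf("good:   %ld\n", attachment_size(&good_annot));   /* 5 */
    printf("broken: %ld\n", attachment_size(&broken_annot)); /* -1, no crash */
    /* attachment_new_unchecked(broken_annot.embedded) would segfault here. */
    return 0;
}
```

The point for reviewers of similar code is the contract change: a constructor that can legitimately be handed "nothing" must either reject it before the first dereference or be guarded by every caller, and the former is the only version that survives fuzzing of the input format.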
Affected (16 ranges indexed; identical rows collapsed)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | poppler | < 0.71.0-2 (bookworm) | 0.71.0-2 (bookworm) |
| freedesktop | poppler | < 0.70.0 | 0.70.0 |
| freedesktop | poppler | >= 0 < 0.71.0-2 | 0.71.0-2 |
| freedesktop | poppler | >= 0 < 0.24.5-2ubuntu4.14 | 0.24.5-2ubuntu4.14 |
| freedesktop | poppler | >= 0 < 0.24.5-2ubuntu4.13 | 0.24.5-2ubuntu4.13 |
| freedesktop | poppler | >= 0 < 0.41.0-0ubuntu1.10 | 0.41.0-0ubuntu1.10 |
| freedesktop | poppler | >= 0 < 0.41.0-0ubuntu1.9 | 0.41.0-0ubuntu1.9 |
| freedesktop | poppler | >= 0 < 0.62.0-2ubuntu2.5 | 0.62.0-2ubuntu2.5 |
| freedesktop | poppler | >= 0 < 0.62.0-2ubuntu2.4 | 0.62.0-2ubuntu2.4 |
The upstream fix is 0.70.0. The `…ubuntuN.M` ranges are Ubuntu package versions, not freedesktop releases; each pair (.13/.14, .9/.10, .4/.5) matches the two Ubuntu updates on this page, USN-3837-1 and its regression fix USN-3837-2, so a host on the lower of the pair is patched for this CVE but still carries the regression.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 6.5 | LOW | — |
| vendor_redhat | — | 6.5 | MEDIUM | — |
| vendor_ubuntu | — | 6.5 | MEDIUM | — |
Debian carries NVD's 6.5 but rates its own urgency LOW, consistent with its tracker scoping the issue as local (a file the user opens) rather than network-reachable.
GHSA
GHSA-8334-q57q-jpp2 (ghsa_unreviewed, 2022-05-14) · CVE-2018-19149 [MEDIUM] · CWE-476
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
OSV
poppler regression (osv, 2018-12-11, CVSS 6.5) · CVE-2018-16646 [MEDIUM]
USN-3837-1 fixed vulnerabilities in poppler. A regression was reported
regarding the previous update. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that poppler incorrectly handled certain PDF files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-16646)
It was discovered that poppler incorrectly handled certain PDF files.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS.
(CVE-2018-19149)
OSV
poppler vulnerabilities (osv, 2018-12-04, CVSS 6.5) · CVE-2018-16646 [MEDIUM]
It was discovered that poppler incorrectly handled certain PDF files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-16646, CVE-2018-19058, CVE-2018-19059, CVE-2018-19060)
It was discovered that poppler incorrectly handled certain PDF files.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2018-19149)
OSV
CVE-2018-19149 (osv, 2018-11-10, CVSS 6.5) · [MEDIUM]
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
Ubuntu
poppler regression (vendor_ubuntu, 2018-12-11, CVSS 6.5) · CVE-2018-16646 [MEDIUM]
Summary: USN-3837-1 introduced a regression in poppler.
USN-3837-1 fixed vulnerabilities in poppler. A regression was reported
regarding the previous update. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that poppler incorrectly handled certain PDF files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-16646)
It was discovered that poppler incorrectly handled certain PDF files.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS.
(CVE-2018-19149)
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
poppler vulnerabilities (vendor_ubuntu, 2018-12-04, CVSS 6.5) · CVE-2018-16646 [MEDIUM]
Summary: Several security issues were fixed in poppler.
It was discovered that poppler incorrectly handled certain PDF files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-16646, CVE-2018-19058, CVE-2018-19059, CVE-2018-19060)
It was discovered that poppler incorrectly handled certain PDF files.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2018-19149)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
poppler: NULL pointer dereference in _poppler_attachment_new (vendor_redhat, 2018-11-08, CVSS 6.5) · CVE-2018-19149 [MEDIUM] · CWE-476
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
Statement: This issue affects the versions of poppler as shipped with Red Hat Enterprise Linux 7.
Package: poppler (Red Hat Enterprise Linux 5) - Not affected
Package: poppler (Red Hat Enterprise Linux 6) - Not affected
Package: poppler (Red Hat Enterprise Linux 8) - Not affected
Debian
poppler (vendor_debian, 2018, CVSS 6.5) · CVE-2018-19149 [MEDIUM]
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
Scope: local
bookworm: resolved (fixed in 0.71.0-2)
bullseye: resolved (fixed in 0.71.0-2)
forky: resolved (fixed in 0.71.0-2)
sid: resolved (fixed in 0.71.0-2)
trixie: resolved (fixed in 0.71.0-2)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-19149 poppler: NULL pointer dereference in _poppler_attachment_new (bugzilla, 2018-11-13, CVSS 6.5) · [MEDIUM]
An issue was found in Poppler before 0.70.0. A NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
References:
https://gitlab.freedesktop.org/poppler/poppler/issues/664
Discussion:
Created mingw-poppler tracking bugs for this issue:
Affects: fedora-all [bug 1649459]
Created poppler tracking bugs for this issue:
Affects: fedora-all [bug 1649458]
---
Patch:
https://github.com/freedesktop/poppler/commit/f162ecdea0dda5dbbdb45503c1d55d9afaa41d44
Technically a dupe of bug #1569334
---
Statement:
This issue affects the versions of poppler as shipped with Red Hat Enterprise Linux 7.
---
This issue has been addressed in the following products:
Bugzilla
CVE-2018-19149 poppler: NULL pointer dereference in _poppler_attachment_new [fedora-all] (bugzilla, 2018-11-13, CVSS 6.5) · [MEDIUM]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple support
Bugzilla
CVE-2018-19149 mingw-poppler: poppler: NULL pointer dereference in _poppler_attachment_new [fedora-all] (bugzilla, 2018-11-13, CVSS 6.5) · [MEDIUM]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects m
arXiv
CHRONOS: Time-Aware Zero-Shot Identification of Libraries from Vulnerability Reports (arxiv_fulltext, 2023-07-29)
Yunbo Lyu (1), Thanh Le-Cong (1), Hong Jin Kang (1), Ratnadira Widyasari (1), Zhipeng Zhao (1), Xuan-Bach D. Le (2), Ming Li (3), David Lo (1)
1 Singapore Management University; 2 The University of Melbourne; 3 Nanjing University
{yunbolyu, tlecong}@smu.edu.sg; {hjkang.2018, ratnadiraw.2020}@phdcs.smu.edu.sg
Equal contribution
## Abstract
Tools that alert developers about library vulnerabilities depend on accurate, up-to-date vulnerability databases which are maintained by security researchers.
These databases record the libraries related to each vulnerability. However, the vulnerability reports may not explicitly list every library and human analysis is
References
http://www.securityfocus.com/bid/106031
https://access.redhat.com/errata/RHSA-2019:2022
https://gitlab.freedesktop.org/poppler/poppler/issues/664
https://security.gentoo.org/glsa/201904-04
https://usn.ubuntu.com/3837-1/
https://usn.ubuntu.com/3837-2/