CVE-2018-19149: NULL Pointer Dereference in Poppler

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.3% (top 50.46%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Nov 10
Latest update: May 14

Description

Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (3 packages)

NVD: freedesktop/poppler < 0.70.0
Debian: freedesktop/poppler < 0.71.0-2+3
Ubuntu: freedesktop/poppler < 0.24.5-2ubuntu4.13+2

Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 18.10

🔴 Vulnerability Details (5)

GHSA: GHSA-8334-q57q-jpp2: Poppler before 0 (2022-05-14)
OSV: poppler regression (2018-12-11)
OSV: poppler vulnerabilities (2018-12-04)
OSV: CVE-2018-19149: Poppler before 0 (2018-11-10)
CVEList: CVE-2018-19149: Poppler before 0 (2018-11-10)

📋 Vendor Advisories (4)

Ubuntu: poppler regression (2018-12-11)
Ubuntu: poppler vulnerabilities (2018-12-04)
Red Hat: poppler: NULL pointer dereference in _poppler_attachment_new (2018-11-08)
Debian: CVE-2018-19149: poppler - Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new ... (2018)

💬 Community (3)

Bugzilla: CVE-2018-19149 poppler: NULL pointer dereference in _poppler_attachment_new (2018-11-13)
Bugzilla: CVE-2018-19149 poppler: NULL pointer dereference in _poppler_attachment_new [fedora-all] (2018-11-13)
Bugzilla: CVE-2018-19149 mingw-poppler: poppler: NULL pointer dereference in _poppler_attachment_new [fedora-all] (2018-11-13)