CVE-2018-20551Improper Input Validation in Poppler

CWE-20Improper Input ValidationCWE-617Reachable Assertion11 documents8 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 45.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Freedesktop PopplerCanonical Ubuntu Linux
Timeline
PublishedDec 28
Latest updateMay 13

Description

A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

Debianfreedesktop/poppler< 0.71.0-4+3
Ubuntufreedesktop/poppler< 0.24.5-2ubuntu4.16+2

Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 18.10

Patches

Patch: gitlab.freedesktop.orgPatch: gitlab.freedesktop.org

🔴Vulnerability Details

4
GHSA
GHSA-wv4m-6mw9-cjfg: A reachable Object::getString assertion in Poppler 02022-05-13
OSV
poppler vulnerabilities2019-02-11
CVEList
CVE-2018-20551: A reachable Object::getString assertion in Poppler 02018-12-28
OSV
CVE-2018-20551: A reachable Object::getString assertion in Poppler 02018-12-28

📋Vendor Advisories

3
Ubuntu
poppler vulnerabilities2019-02-11
Red Hat
poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c2018-12-26
Debian
CVE-2018-20551: poppler - A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to ca...2018

💬Community

3
Bugzilla
CVE-2018-20551 poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c [fedora-all]2019-01-10
Bugzilla
CVE-2018-20551 mingw-poppler: poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c [fedora-all]2019-01-10
Bugzilla
CVE-2018-20551 poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c2019-01-10
CVE-2018-20551 — Improper Input Validation in Poppler | cvebase