CVE-2022-37051

CWE-617 — Reachable Assertion CWE-400 — Uncontrolled Resource Consumption8 documents7 sources

Severity

6.5MEDIUM

EPSS

0.0%

top 86.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Debian Linux Freedesktop Poppler

Timeline

PublishedAug 22

Latest updateNov 23

Description

An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶Debianpoppler< 20.09.0-3.1+deb11u2+3

▶NVDfreedesktop/poppler22.07.0

Also affects: Debian Linux 10.0

Patches

Patch: gitlab.freedesktop.org ↗Patch: gitlab.freedesktop.org ↗

🔴Vulnerability Details

OSV

poppler vulnerabilities↗2023-11-23

▶

GHSA

GHSA-fh54-998j-j424: An issue was discovered in Poppler 22↗2023-08-22

▶

OSV

CVE-2022-37051: An issue was discovered in Poppler 22↗2023-08-22

▶

CVEList

CVE-2022-37051: An issue was discovered in Poppler 22↗2023-08-22

▶

📋Vendor Advisories

Ubuntu

poppler vulnerabilities↗2023-11-23

▶

Red Hat

poppler: abort in main() in pdfunite.cc↗2022-07-28

▶

Debian

CVE-2022-37051: poppler - An issue was discovered in Poppler 22.07.0. There is a reachable abort which lea...↗2022

▶