CVE-2022-37052

CWE-617Reachable AssertionCWE-400Uncontrolled Resource Consumption8 documents7 sources
Severity
6.5MEDIUM
EPSS
0.0%
top 92.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Freedesktop Poppler
Timeline
PublishedAug 22
Latest updateNov 23

Description

A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

Debianpoppler< 20.09.0-3.1+deb11u2+3
NVDfreedesktop/poppler22.07.0

Patches

Patch: gitlab.freedesktop.orgPatch: gitlab.freedesktop.org

🔴Vulnerability Details

4
OSV
poppler vulnerabilities2023-11-23
CVEList
CVE-2022-37052: A reachable Object::getString assertion in Poppler 222023-08-22
GHSA
GHSA-527m-pccf-wf58: A reachable Object::getString assertion in Poppler 222023-08-22
OSV
CVE-2022-37052: A reachable Object::getString assertion in Poppler 222023-08-22

📋Vendor Advisories

3
Ubuntu
poppler vulnerabilities2023-11-23
Red Hat
poppler: reachable assertion due to a failure in markObject()2022-07-28
Debian
CVE-2022-37052: poppler - A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to c...2022
CVE-2022-37052 (MEDIUM CVSS 6.5) | A reachable Object::getString asser | cvebase.io