CVE-2022-38349

Severity: 6.5 MEDIUM
EPSS: 0.0% (top 94.22%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 22
Latest update: Nov 23

Description

An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h that will lead to denial of service, because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

Debian: poppler < 20.09.0-3.1+deb11u2+3
NVD: freedesktop/poppler 22.08.0

🔴 Vulnerability Details (4)

OSV: poppler vulnerabilities (2023-11-23)
OSV: CVE-2022-38349: An issue was discovered in Poppler 22 (2023-08-22)
GHSA: GHSA-vc2j-4f8h-8q6p: An issue was discovered in Poppler 22 (2023-08-22)
CVEList: CVE-2022-38349: An issue was discovered in Poppler 22 (2023-08-22)

📋 Vendor Advisories (3)

Ubuntu: poppler vulnerabilities (2023-11-23)
Red Hat: poppler: Reachable assertion in Object.h (2023-08-22)
Debian: CVE-2022-38349: poppler - An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Ob... (2022)