CVE-2023-34872: Uncontrolled Resource Consumption in Poppler

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.2% (top 62.33%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 31
Latest update: Aug 3

Description

A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: freedesktop/poppler < 23.06.0
Debian: freedesktop/poppler < 22.12.0-2+deb12u1+2

Vulnerability Details (4)

OSV: poppler vulnerabilities (2023-08-03)
OSV: CVE-2023-34872: A vulnerability in Outline (2023-07-31)
GHSA: GHSA-77j7-vm29-rwwv: A vulnerability in Outline (2023-07-31)
CVEList: CVE-2023-34872: A vulnerability in Outline (2023-07-31)

Vendor Advisories (3)

Ubuntu: poppler vulnerabilities (2023-08-03)
Red Hat: poppler: Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. (2023-07-31)
Debian: CVE-2023-34872: poppler - A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attac... (2023)