CVE-2023-34872
Published 2023-07-31
Priority: P4 · 16 · medium · 5.5 (CVSS 3.1)
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 0.93% (56.1th percentile)
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | poppler | < poppler 22.12.0-2+deb12u1 (bookworm) | poppler 22.12.0-2+deb12u1 (bookworm) |
| freedesktop | poppler | < 23.06.0 | 23.06.0 |
| freedesktop | poppler | >= 0 < 22.12.0-2+deb12u1 | 22.12.0-2+deb12u1 |
| freedesktop | poppler | >= 0 < 24.02.0-2 | 24.02.0-2 |
| freedesktop | poppler | >= 0 < 24.02.0-2 | 24.02.0-2 |
| freedesktop | poppler | >= 0 < 0.86.1-0ubuntu1.2 | 0.86.1-0ubuntu1.2 |
| freedesktop | poppler | >= 0 < 22.02.0-2ubuntu0.2 | 22.02.0-2ubuntu0.2 |
CVSS provenance
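| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| osv | 6.5 | MEDIUM | |
| vendor_ubuntu | 6.5 | MEDIUM | |
| vendor_debian | 5.5 | MEDIUM | |
| vendor_redhat | 5.5 | MEDIUM | |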
CISA ICS
Siemens SCALANCE XCM-/XRM-300
cisa_ics·2024-02-15
ICS Advisory
## Siemens SCALANCE XCM-/XRM-300
Release Date: February 15, 2024
Alert Code: ICSA-24-046-11
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE XCM-/XRM-300
- Vulnerabilities: Out-of-bounds Write, Incorrect Type Conversion or Cast, Improper Verification of Cryptographic Signature, Improper Access Control, Improper Authentication, Missing Encryption
Ubuntu
poppler vulnerabilities
vendor_ubuntu·2023-08-03·CVSS 6.5
CVE-2022-27337 [MEDIUM] poppler vulnerabilities
Title: poppler vulnerabilities
Summary: poppler could be made to crash if it opened a specially crafted file.
Jieyong Ma discovered that poppler incorrectly handled certain malformed
PDF files. A remote attacker could possibly use this issue to cause poppler
to crash, resulting in a denial of service. This issue only affected Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-27337)
It was discovered that poppler incorrectly handled certain malformed PDF
files. A remote attacker could possibly use this issue to cause poppler to
crash, resulting in a denial of service. This issue only affected Ubuntu
22.04 LTS and Ubuntu 23.04. (CVE-2023-34872)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
poppler: Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
vendor_redhat·2023-07-31·CVSS 5.5
CVE-2023-34872 [MEDIUM] CWE-20 poppler: Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
A flaw was found in Poppler that allows a remote attacker to cause a Denial of Service (DoS) via a crafted PDF file in OutlineItem::open.
Statement: Red Hat Enterprise Linux 6, 7, 8, and 9 are not affected by this CVE, as the vulnerable code is not present in RHEL.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Package: poppler (Red Hat
Debian
CVE-2023-34872: poppler - A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attac...
vendor_debian·2023·CVSS 5.5
CVE-2023-34872 [MEDIUM] CVE-2023-34872: poppler - A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attac...
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
Scope: local
bookworm: resolved (fixed in 22.12.0-2+deb12u1)
bullseye: resolved
forky: resolved (fixed in 24.02.0-2)
sid: resolved (fixed in 24.02.0-2)
trixie: resolved (fixed in 24.02.0-2)
OSV
poppler vulnerabilities
osv·2023-08-03·CVSS 6.5
CVE-2022-27337 [MEDIUM] poppler vulnerabilities
poppler vulnerabilities
Jieyong Ma discovered that poppler incorrectly handled certain malformed
PDF files. A remote attacker could possibly use this issue to cause poppler
to crash, resulting in a denial of service. This issue only affected Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-27337)
It was discovered that poppler incorrectly handled certain malformed PDF
files. A remote attacker could possibly use this issue to cause poppler to
crash, resulting in a denial of service. This issue only affected Ubuntu
22.04 LTS and Ubuntu 23.04. (CVE-2023-34872)
OSV
CVE-2023-34872: A vulnerability in Outline
osv·2023-07-31·CVSS 5.5
CVE-2023-34872 [MEDIUM] CVE-2023-34872: A vulnerability in Outline
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
GHSA
GHSA-77j7-vm29-rwwv: A vulnerability in Outline
ghsa_unreviewed·2023-07-31
CVE-2023-34872 [MEDIUM] CWE-400 GHSA-77j7-vm29-rwwv: A vulnerability in Outline
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe
- https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XXL3L6RJOTLGCN7GLH2OLLNF4FJ4T7I/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ3NYJ43U2MA7COKGMJDARZUAAOP45D4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFBT75QHBWNMSDAHSXZQ2I3PBJWID36K/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3H3GOWFE3C7543GMEN7LY4GWMWJ7D2G/
Published 2023-07-31