CVE-2024-6239

Severity
7.5 HIGH
EPSS
0.1%
top 67.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 21
Latest update: Jul 24

Description

A flaw was found in Poppler's pdfinfo utility. The issue occurs when the -dests parameter is used with pdfinfo. By supplying certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 2 packages

NVD: freedesktop/poppler < 24.06.0
Debian: poppler < 24.08.0-2+1

Also affects: Enterprise Linux 7.0, 8.0, 9.0

Patches

🔴 Vulnerability Details

3
GHSA
GHSA-cc4h-7j78-49pj: A flaw was found in the Poppler's Pdfinfo utility (2024-06-21)
OSV
CVE-2024-6239: A flaw was found in the Poppler's Pdfinfo utility (2024-06-21)
CVEList
Poppler: pdfinfo: crash in broken documents when using -dests parameter (2024-06-21)

📋 Vendor Advisories

3
Ubuntu
poppler vulnerability (2024-07-24)
Red Hat
poppler: pdfinfo: crash in broken documents when using -dests parameter (2024-06-06)
Debian
CVE-2024-6239: poppler - A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using ... (2024)