CVE-2018-13988

medium

Description

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.

References

https://usn.ubuntu.com/3757-1/

https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html

https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee

https://bugzilla.redhat.com/show_bug.cgi?id=1602838

https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-13988

https://access.redhat.com/errata/RHSA-2018:3505

https://access.redhat.com/errata/RHSA-2018:3140

https://access.redhat.com/errata/RHBA-2019:0327

http://packetstormsecurity.com/files/148661/PDFunite-0.62.0-Buffer-Overflow.html

Details

Source: Mitre, NVD

Published: 2018-07-25

Updated: 2019-04-25

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity: Medium