Lucene search

[email protected]CVE-2022-37051

HistoryAug 22, 2023 - 7:16 p.m.

CVE-2022-37051

2023-08-2219:16:23

CWE-617

[email protected]

web.nvd.nist.gov

354

cve-2022-37051

poppler

denial of service

pdf

security vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.7%

JSON

An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.

Affected configurations

NVD

Node

freedesktoppopplerMatch22.07.0

Node

debiandebian_linuxMatch10.0

CPENameOperatorVersion
freedesktop:popplerfreedesktop popplereq22.07.0

CPE	Name	Operator	Version
freedesktop:poppler	freedesktop poppler	eq	22.07.0

References

gitlab.freedesktop.org/poppler/poppler/-/commit/4631115647c1e4f0482ffe0491c2f38d2231337b

gitlab.freedesktop.org/poppler/poppler/-/issues/1276

lists.debian.org/debian-lts-announce/2023/10/msg00022.html

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.7%

JSON

Related for CVE-2022-37051

prion1 osv4 ubuntucve1 nvd1 redhatcve1 cvelist1 veracode1 debiancve1 debian1 openvas9 redos1 nessus9 ubuntu2 hp1