Lucene search

PRIOn knowledge basePRION:CVE-2018-20481

HistoryDec 26, 2018 - 4:29 a.m.

Null pointer dereference

2018-12-2604:29:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.7%

JSON

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.

CPENameOperatorVersion
ubuntu_linuxeq16.04
ubuntu_linuxeq14.04
ubuntu_linuxeq18.04
ubuntu_linuxeq18.10
debian_linuxeq8.0
popplereq0.72.0

Name	Operator	Version
ubuntu_linux	eq	16.04
ubuntu_linux	eq	14.04
ubuntu_linux	eq	18.04
ubuntu_linux	eq	18.10
debian_linux	eq	8.0
poppler	eq	0.72.0

References

www.securityfocus.com/bid/106321

access.redhat.com/errata/RHSA-2019:2022

access.redhat.com/errata/RHSA-2019:2713

gitlab.freedesktop.org/poppler/poppler/issues/692

gitlab.freedesktop.org/poppler/poppler/merge_requests/143

lists.debian.org/debian-lts-announce/2019/03/msg00008.html

lists.debian.org/debian-lts-announce/2020/07/msg00018.html

usn.ubuntu.com/3865-1/