poppler vulnerability

2007-01-1900:00:00

ubuntu.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0.068

Percentile

93.9%

JSON

Releases

Ubuntu 6.10
Ubuntu 6.06
Ubuntu 5.10

Details

The poppler PDF loader library did not limit the recursion depth of
the page model tree. By tricking a user into opening a specially
crafter PDF file, this could be exploited to trigger an infinite loop
and eventually crash an application that uses this library.

kpdf in Ubuntu 5.10, and KOffice in all Ubuntu releases contains a
copy of this code and thus is affected as well.

OSVersionArchitecturePackageVersionFilename
Ubuntu6.10noarchlibpoppler1< 0.5.4-0ubuntu4.1UNKNOWN
Ubuntu6.10noarchkword< 1:1.5.2-0ubuntu2.1UNKNOWN
Ubuntu6.06noarchlibpoppler1< 0.5.1-0ubuntu7.1UNKNOWN
Ubuntu6.06noarchkword< 1:1.5.0-0ubuntu9.1UNKNOWN
Ubuntu5.10noarchkpdf< 4:3.4.3-0ubuntu2.6UNKNOWN
Ubuntu5.10noarchkword< 1:1.4.1-0ubuntu7.5UNKNOWN
Ubuntu5.10noarchlibpoppler0c2< 0.4.2-0ubuntu6.8UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	6.10	noarch	libpoppler1	< 0.5.4-0ubuntu4.1	UNKNOWN
Ubuntu	6.10	noarch	kword	< 1:1.5.2-0ubuntu2.1	UNKNOWN
Ubuntu	6.06	noarch	libpoppler1	< 0.5.1-0ubuntu7.1	UNKNOWN
Ubuntu	6.06	noarch	kword	< 1:1.5.0-0ubuntu9.1	UNKNOWN
Ubuntu	5.10	noarch	kpdf	< 4:3.4.3-0ubuntu2.6	UNKNOWN
Ubuntu	5.10	noarch	kword	< 1:1.4.1-0ubuntu7.5	UNKNOWN
Ubuntu	5.10	noarch	libpoppler0c2	< 0.4.2-0ubuntu6.8	UNKNOWN