Lucene search

Veracode Vulnerability DatabaseVERACODE:43699

HistoryOct 10, 2023 - 4:57 a.m.

Denial Of Service (DoS)

2023-10-1004:57:22

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

htmloutputdev

pdf file parsing

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON

libpoppler.so is vulnerable to Denial of Service (DoS). The vulnerability is due to a buffer overflow caused by the HtmlOutputDev::page() function which allows an attacker to cause a denial-of-service attack by parsing a crafted PDF file.

CPENameOperatorVersion
libpoppler.sole82.0.0
libpoppler.sole82.0.0

CPE	Name	Operator	Version
	libpoppler.so	le	82.0.0
	libpoppler.so	le	82.0.0

References

bugzilla.redhat.com/show_bug.cgi?id=2234524

gitlab.freedesktop.org/poppler/poppler/-/commit/30c731b487190c02afff3f036736a392eb60cd9a

gitlab.freedesktop.org/poppler/poppler/-/issues/742

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for VERACODE:43699