Integer Overflow Vulnerability in Poppler by Freedesktop.org
CVE-2018-21009

8.8HIGH

Key Information:

Vendor

Freedesktop

Status
Poppler
Vendor
CVE Published:
5 September 2019
đź”” Create Freedesktop Vulnerability Alert

What is CVE-2018-21009?

Poppler, a PDF rendering library, is affected by an integer overflow vulnerability in the Parser::makeStream function found in Parser.cc. This flaw arises when handling specially crafted documents, which can lead to unexpected behavior during PDF parsing. An attacker could exploit this vulnerability to corrupt memory and potentially execute arbitrary code. Users of Poppler versions prior to 0.66.0 are advised to apply the necessary security updates to mitigate these risks.

References

https://gitlab.freedesktop.org/poppler/poppler/commit/086...
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2019/09/msg0...
mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020/07/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.