← back
CVE-2018-20481

CVE-2018-20481

EPSS 3.4%
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2019:2022https://access.redhat.com/errata/RHSA-2019:2713https://gitlab.freedesktop.org/poppler/poppler/issues/692https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143https://lists.debian.org/debian-lts-announce/2019/03/msg00008.htmlhttps://lists.debian.org/debian-lts-announce/2020/07/msg00018.htmlhttps://usn.ubuntu.com/3865-1/http://www.securityfocus.com/bid/106321