SB2018111416 - Denial of service in Poppler




Published: November 14, 2018
Updated: December 10, 2018

Security Bulletin ID: SB2018111416
Severity: Low
Patch available: YES
Number of vulnerabilities: 5
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 5 security vulnerabilities.


1) NULL pointer dereference (CVE-ID: CVE-2018-19149)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. A remote attacker can perform a denial of service (DoS) attack.


2) Improper input validation (CVE-ID: CVE-2018-16646)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists in the Parser::getObj() function, as defined in the Parser.cc source code file of the affected software, due to improper processing of user-supplied input. A remote attacker can trick the victim into accessing an embedded file that submits malicious input, trigger an infinite recursion condition and cause the service to crash.
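
A simplified model of a recursion guard for this class of bug, added here as an example; it is not Poppler's code and not the vendor's patch. The object table, `resolve`, `kMaxDepth` and the sample documents are hypothetical, and the cause is assumed to be a reference cycle in a crafted document.

```cpp
#include <cstdio>
#include <map>

// Simplified model, not Poppler's data structures: an object is either an
// integer value or an indirect reference to another object number.
struct Obj {
    bool is_ref;  // true: `value` is the number of another object
    int value;    // integer value, or the target object number when is_ref
};
typedef std::map<int, Obj> ObjTable;

// Hypothetical limit chosen for this example.
const int kMaxDepth = 64;

enum ResolveStatus { RESOLVED, MISSING, TOO_DEEP };

// Follow references from object `num` until an integer value is reached.
// Without the depth check, a document in which 1 -> 2 -> 1 recurses until
// the stack is exhausted and the process crashes.
ResolveStatus resolve(const ObjTable& table, int num, int& out, int depth = 0) {
    if (depth > kMaxDepth) return TOO_DEEP;          // the guard: bounded recursion
    ObjTable::const_iterator it = table.find(num);
    if (it == table.end()) return MISSING;           // dangling reference
    if (!it->second.is_ref) { out = it->second.value; return RESOLVED; }
    return resolve(table, it->second.value, out, depth + 1);
}

// Constructed sample input: 1 -> 2 -> 3, and object 3 holds the value 42.
ObjTable benign_doc() {
    ObjTable t;
    t[1] = Obj{true, 2};
    t[2] = Obj{true, 3};
    t[3] = Obj{false, 42};
    return t;
}

// Constructed sample input: 1 -> 2 -> 1, a reference cycle.
ObjTable cyclic_doc() {
    ObjTable t;
    t[1] = Obj{true, 2};
    t[2] = Obj{true, 1};
    return t;
}

int main() {
    int v = 0;
    std::printf("benign: status=%d value=%d\n", resolve(benign_doc(), 1, v), v);
    std::printf("cyclic: status=%d\n", resolve(cyclic_doc(), 1, v));
    return 0;
}
```

The cyclic document is rejected with `TOO_DEEP` and the caller can report a malformed file instead of the process crashing.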


3) Out-of-bounds read (CVE-ID: CVE-2018-19059)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to an out-of-bounds read condition in the EmbFile::save2 function, as defined in the FileSpec.cc source code file, after insufficient validation of embedded files before save attempts. A remote attacker can trick the victim into accessing an embedded file that submits malicious input, trigger an out-of-bounds read condition and cause the service to crash.


4) Improper input validation (CVE-ID: CVE-2018-19058)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to insufficient stream checks by the EmbFile::save2 function, as defined in the FileSpec.cc source code file of the affected software, before an embedded file is saved. A remote attacker can trick the victim into accessing an embedded file that submits malicious input, trigger a reachable abort condition in the Object.h file and cause the service to crash.


5) NULL pointer dereference (CVE-ID: CVE-2018-19060)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to a NULL pointer dereference condition in the GooString.h source code file when the filenames of embedded files are insufficiently validated before a save path is constructed. A remote attacker can trick the victim into accessing an embedded file that submits malicious input, trigger a NULL pointer dereference and cause the service to crash.


Remediation

Install the update from the vendor's website.