SB2018122602 - Denial of service in Poppler
Published: December 26, 2018 Updated: February 1, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2018-20481)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when XRef::getEntry in XRef.cc mishandles unallocated XRef entries. A remote attacker can trigger denial of service conditions via a specially crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.
2) Reachable Assertion (CVE-ID: CVE-2018-20551)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable Object::getString assertion due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. A remote attacker can cause a denial of service.
3) Input validation error (CVE-ID: CVE-2018-20662)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a wrong return value from PDFDoc::setup when an xref data structure is mishandled during extractPDFSubtype processing. A remote attacker can trick the victim into opening a specially crafter PDF file cause application crash by Object.h SIGABRT.
4) Reachable Assertion (CVE-ID: CVE-2018-20650)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. A remote attacker can cause a denial of service.
Remediation
Install update from vendor's website.
References
- https://gitlab.freedesktop.org/poppler/poppler/issues/692
- https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143
- https://gitlab.freedesktop.org/poppler/poppler/issues/703
- https://gitlab.freedesktop.org/poppler/poppler/merge_requests/146
- https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f
- https://gitlab.freedesktop.org/poppler/poppler/issues/706
- https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7
- https://gitlab.freedesktop.org/poppler/poppler/issues/704