Main Vulnerability Database Vulnerabilities #VU16348

#VU16348 NULL pointer dereference in Poppler - CVE-2018-19060

Published: December 5, 2018 / Updated: December 10, 2018

Vulnerability identifier: #VU16348

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2018-19060

CWE-ID: CWE-476

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Poppler

Software vendor:
Freedesktop.org

Description

The vulnerability allows a remote attacker to cause DoS condicion on the target system.

The vulnerability exists due to NULL pointer dereference condition in the GooString.h source code file when the filenames of embedded files are insufficiently validated before a save path is constructed. A remote attacker can trick the victim into accessing an embedded file that submits malicious input, trigger a NULL pointer dereference and cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://gitlab.freedesktop.org/poppler/poppler/issues/660

#VU16348 NULL pointer dereference in Poppler - CVE-2018-19060

Description

Remediation

External links

Please verify you're human