#VU16351 Improper input validation in Poppler - CVE-2018-16646

 

Published: December 10, 2018


Vulnerability identifier: #VU16351
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2018-16646
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Poppler
Software vendor: Freedesktop.org

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists in the Parser::getObj() function, defined in the Parser.cc source file of the affected software, and is due to improper processing of user-supplied input. A remote attacker can trick the victim into accessing an embedded file that submits malicious input, trigger an infinite recursion condition, and cause the service to crash.


Remediation

Install the update from the vendor's website.
