A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.
References
Link | Resource |
---|---|
https://gitlab.freedesktop.org/poppler/poppler/issues/704 | Issue Tracking Patch Third Party Advisory |
https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7 | Patch Third Party Advisory |
http://www.securityfocus.com/bid/106459 | Third Party Advisory VDB Entry |
https://usn.ubuntu.com/3865-1/ | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2019:2022 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2019:2713 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html | Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2019-01-01 08:29
Updated : 2023-02-11 10:12
NVD link : CVE-2018-20650
Mitre link : CVE-2018-20650
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
redhat
- enterprise_linux_desktop
- enterprise_linux
- enterprise_linux_workstation
- enterprise_linux_server_aus
- enterprise_linux_server_tus
- enterprise_linux_server
- enterprise_linux_eus
freedesktop
- poppler
canonical
- ubuntu_linux
debian
- debian_linux