Description
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.
References (9)
Core 9
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1602838
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-13988
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3505
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3140
Patch, Vendor Advisory x_refsource_confirm
https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/148661/PDFunite-0.62.0-Buffer-Overflow.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3757-1/
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHBA-2019:0327
Scores
CVSS v3
6.5
EPSS
0.0065
EPSS Percentile
70.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (10)
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
debian/debian_linux
8.0
freedesktop/poppler
< 0.62.0
redhat/ansible_tower
3.3.0
redhat/enterprise_linux_desktop
7.0
redhat/enterprise_linux_server
7.0
redhat/enterprise_linux_workstation
7.0
redhat/openshift_container_platform
3.11
Published
Jul 25, 2018
Tracked Since
Feb 18, 2026