CVE-2018-19058

MEDIUM

Freedesktop Poppler - Denial of Service

Title source: rule
STIX 2.1

Description

An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.

References (6)

Scores

CVSS v3 6.5
EPSS 0.0028
EPSS Percentile 51.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-670
Status published
Products (11)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 18.10
debian/debian_linux 8.0
debian/debian_linux 9.0
debian/debian_linux 10.0
freedesktop/poppler 0.71.0
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_server 7.0
... and 1 more
Published Nov 07, 2018
Tracked Since Feb 18, 2026