A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/106459 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2019:2022 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2019:2713 | Third Party Advisory |
https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7 | Patch Third Party Advisory |
https://gitlab.freedesktop.org/poppler/poppler/issues/704 | Issue Tracking Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html | Mailing List Third Party Advisory |
https://usn.ubuntu.com/3865-1/ | Third Party Advisory |
History
11 Feb 2023, 18:12
Type | Values Removed | Values Added |
---|---|---|
First Time | Redhat enterprise Linux Eus, Redhat enterprise Linux, Redhat enterprise Linux Desktop, Redhat, Redhat enterprise Linux Server, Debian, Redhat enterprise Linux Server Tus, Redhat enterprise Linux Server Aus, Debian debian Linux, Redhat enterprise Linux Workstation | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:2713 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:2022 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
26 Sep 2022, 02:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2019-01-01 16:29
Updated : 2023-12-10 12:44
NVD link : CVE-2018-20650
Mitre link : CVE-2018-20650
CVE.ORG link : CVE-2018-20650
Products Affected
redhat
- enterprise_linux_server_tus
- enterprise_linux_desktop
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_server_aus
- enterprise_linux
- enterprise_linux_eus
freedesktop
- poppler
debian
- debian_linux
canonical
- ubuntu_linux
CWE
CWE-20
Improper Input Validation