CVE-2018-20662

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://access.redhat.com/errata/RHSA-2019:2022	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2713	Third Party Advisory
https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f	Patch Third Party Advisory
https://gitlab.freedesktop.org/poppler/poppler/issues/706	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/
https://usn.ubuntu.com/4042-1/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:freedesktop:poppler:0.72.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:28:::::::*
	cpe:2.3:o:fedoraproject:fedora:29:::::::*
	cpe:2.3:o:fedoraproject:fedora:30:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*

Configuration 5 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

History

07 Nov 2023, 02:56

Type	Values Removed	Values Added
References	{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/', 'name': 'FEDORA-2019-8b5e704a73', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/', 'name': 'FEDORA-2019-d04944813d', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/', 'name': 'FEDORA-2019-13ba3be562', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/', 'name': 'FEDORA-2019-14040bfa27', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/ -

01 Mar 2023, 18:02

Type	Values Removed	Values Added
First Time		Redhat enterprise Linux Eus Redhat enterprise Linux Redhat enterprise Linux Desktop Redhat Redhat enterprise Linux Server Canonical Canonical ubuntu Linux Redhat enterprise Linux Server Tus Redhat enterprise Linux Server Aus Redhat enterprise Linux Workstation
CPE		cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::* cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm::: cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::* cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::* cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts::: cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:debian:debian_linux:9.0:::::::*
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/ - Third Party Advisory~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/ - Mailing List, Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/ - Third Party Advisory~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/ - Mailing List, Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/ - Third Party Advisory~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/ - Mailing List, Third Party Advisory
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2019:2713 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2019:2713 - Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/ - Third Party Advisory~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/ - Mailing List, Third Party Advisory
References	~~(UBUNTU) https://usn.ubuntu.com/4042-1/ -~~	(UBUNTU) https://usn.ubuntu.com/4042-1/ - Third Party Advisory
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2019:2022 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2019:2022 - Third Party Advisory
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html - Mailing List, Third Party Advisory

Information

Published : 2019-01-03 13:29

Updated : 2023-12-10 12:44

NVD link : CVE-2018-20662

Mitre link : CVE-2018-20662

CVE.ORG link : CVE-2018-20662

JSON object : View

Products Affected

redhat

enterprise_linux_server_tus
enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_workstation
enterprise_linux_server_aus
enterprise_linux
enterprise_linux_eus

freedesktop

poppler

debian

debian_linux

canonical

ubuntu_linux

fedoraproject

fedora

CWE

CWE-20

Improper Input Validation

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2018-20662

6.5^/10

4.3^/10

Attach tags to `CVE-2018-20662`