In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.
References
| Link | Resource |
|---|---|
| https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990 | Patch |
| https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274 | Exploit Issue Tracking |
| https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html | Mailing List Third Party Advisory |
Configurations
History
08 Dec 2023, 20:57
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
| References | (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html - Mailing List, Third Party Advisory | |
| First Time |
Debian
Debian debian Linux |
16 Oct 2023, 14:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
28 Aug 2023, 18:34
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:freedesktop:poppler:22.07.0:*:*:*:*:*:*:* | |
| References | (MISC) https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990 - Patch | |
| References | (MISC) https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274 - Exploit, Issue Tracking | |
| CWE | NVD-CWE-Other | |
| First Time |
Freedesktop poppler
Freedesktop |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
22 Aug 2023, 20:10
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-08-22 19:16
Updated : 2023-12-10 15:14
NVD link : CVE-2022-37050
Mitre link : CVE-2022-37050
CVE.ORG link : CVE-2022-37050
JSON object : View
Products Affected
freedesktop
- poppler
debian
- debian_linux
CWE