vulnerability

Red Hat: CVE-2018-20481: CVE-2018-20481 poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:N/A:P)	Dec 26, 2018	Aug 7, 2019	Nov 27, 2024

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:P)

Published

Dec 26, 2018

Added

Aug 7, 2019

Modified

Nov 27, 2024

Description

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.

Solution(s)

redhat-upgrade-evinceredhat-upgrade-evince-browser-pluginredhat-upgrade-evince-debuginforedhat-upgrade-evince-develredhat-upgrade-evince-dviredhat-upgrade-evince-libsredhat-upgrade-evince-nautilusredhat-upgrade-okularredhat-upgrade-okular-debuginforedhat-upgrade-okular-develredhat-upgrade-okular-libsredhat-upgrade-okular-partredhat-upgrade-popplerredhat-upgrade-poppler-cppredhat-upgrade-poppler-cpp-debuginforedhat-upgrade-poppler-cpp-develredhat-upgrade-poppler-debuginforedhat-upgrade-poppler-debugsourceredhat-upgrade-poppler-demosredhat-upgrade-poppler-develredhat-upgrade-poppler-glibredhat-upgrade-poppler-glib-debuginforedhat-upgrade-poppler-glib-develredhat-upgrade-poppler-qtredhat-upgrade-poppler-qt-develredhat-upgrade-poppler-qt5redhat-upgrade-poppler-qt5-debuginforedhat-upgrade-poppler-qt5-develredhat-upgrade-poppler-utilsredhat-upgrade-poppler-utils-debuginfo

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today