CVE-2018-13988

Published: Jul 25, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.

Affected (10)

Products: Freedesktop: Poppler · Canonical: Ubuntu Linux · Debian: Debian Linux · +1 more

Show all products

Freedesktop: Poppler · Canonical: Ubuntu Linux · Debian: Debian Linux · Redhat: Ansible Tower, Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation, Openshift Container Platform

1 product

1 product

1 product

5 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

Openshift Container Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Freedesktop Poppler	Up to 0.62.0

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration D

5 vulnerable

Vulnerable Software	Affected Versions
Redhat Ansible Tower	Version 3.3.0
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Workstation	Version 7.0
Redhat Openshift Container Platform	Version 3.11

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (18)

http://packetstormsecurity.com/files/148661/PDFunite-0.62.0-Buffer-Overflow.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHBA-2019:0327

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3140

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3505

Source: cve@mitre.org

Third Party Advisory

https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-13988

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1602838

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee

Source: cve@mitre.org

PatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://usn.ubuntu.com/3757-1/

Source: cve@mitre.org

Third Party Advisory

http://packetstormsecurity.com/files/148661/PDFunite-0.62.0-Buffer-Overflow.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHBA-2019:0327

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3140

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3505

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-13988

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1602838

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://usn.ubuntu.com/3757-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.