CVE-2018-21009 - Integer Overflow or Wraparound vulnerability in Freedesktop Poppler
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow: This attack forces an integer variable to go out of range. The integer variable is often used as an offset or as the size of a memory allocation. The attacker typically controls the value of the variable and tries to push it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, yielding a badly incorrect value that can lead to unexpected behavior. At worst, the attacker can execute arbitrary code.
Nessus
- NASL family: Debian Local Security Checks
  NASL id: DEBIAN_DLA-1939.NASL
  description: Several issues in poppler, a PDF rendering library, have been fixed. CVE-2018-20650: A missing check for the dict data type could lead to a denial of service. CVE-2018-21009: An integer overflow might happen in Parser::makeStream. CVE-2019-12493: A stack-based buffer over-read by a crafted PDF file might happen in PostScriptFunction::transform because some functions mishandle tint transformation. For Debian 8
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 129475
  published: 2019-10-01
  reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/129475
  title: Debian DLA-1939-1 : poppler security update
- NASL family: CentOS Local Security Checks
  NASL id: CENTOS_RHSA-2020-1074.NASL
  description: The remote CentOS host is missing a security update which has been documented in Red Hat advisory RHSA-2020:1074.
  last seen: 2020-06-06
  modified: 2020-04-10
  plugin id: 135331
  published: 2020-04-10
  reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/135331
  title: CentOS 7 : evince / poppler (CESA-2020:1074)
- NASL family: Scientific Linux Local Security Checks
  NASL id: SL_20200407_POPPLER_AND_EVINCE_ON_SL7_X.NASL
  description:
    * poppler: integer overflow in Parser::makeStream in Parser.cc
    * poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc
    * poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc
    * poppler: integer overflow in JPXStream::init function leading to memory consumption
    * evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail()
  last seen: 2020-04-30
  modified: 2020-04-21
  plugin id: 135829
  published: 2020-04-21
  reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/135829
  title: Scientific Linux Security Update : poppler and evince on SL7.x x86_64 (20200407)
Redhat
References
- https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a
- https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html