Vulnerabilities > CVE-2022-37050

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

freedesktop

debian

NVD

Published: 2023-08-22

Updated: 2024-11-21

Summary

In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.

Vulnerable Configurations

Part	Description	Count
Application	Freedesktop Freedesktop Poppler 22.07.0	1
OS	Debian Debian Debian Linux 10.0	1

References

https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990
https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274
https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html
https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990
https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html
https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274

Vulnerabilities > CVE-2022-37050 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2022-37050"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2022-37050