Vulnerabilities > CVE-2022-37051 - Reachable Assertion vulnerability in multiple products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

freedesktop

debian

CWE-617

NVD

Published: 2023-08-22

Updated: 2023-12-08

Summary

An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.

Vulnerable Configurations

Part	Description	Count
Application	Freedesktop Freedesktop Poppler 22.07.0	1
OS	Debian Debian Debian Linux 10.0	1

Common Weakness Enumeration (CWE)

CWE-617 - Reachable Assertion

References

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1276
https://gitlab.freedesktop.org/poppler/poppler/-/commit/4631115647c1e4f0482ffe0491c2f38d2231337b
https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html