Unrated severityNVD Advisory· Published Jul 25, 2018· Updated Aug 5, 2024
CVE-2018-13988
CVE-2018-13988
Description
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.
Affected products
18- osv-coords18 versionspkg:rpm/opensuse/poppler&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/poppler&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP2pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 0.62.0-4.6.1+ 17 more
- (no CPE)range: < 0.62.0-4.6.1
- (no CPE)range: < 0.62.0-4.6.1
- (no CPE)range: < 0.62.0-4.6.1
- (no CPE)range: < 0.62.0-4.6.1
- (no CPE)range: < 0.62.0-4.6.1
- (no CPE)range: < 0.62.0-4.6.1
- (no CPE)range: < 0.43.0-16.25.1
- (no CPE)range: < 0.62.0-4.6.1
- (no CPE)range: < 0.62.0-4.6.1
- (no CPE)range: < 0.62.0-4.6.1
- (no CPE)range: < 0.43.0-16.25.1
- (no CPE)range: < 0.62.0-4.6.1
- (no CPE)range: < 0.62.0-4.6.1
- (no CPE)range: < 0.24.4-14.26.1
- (no CPE)range: < 0.62.0-4.6.1
- (no CPE)range: < 0.43.0-16.25.1
- (no CPE)range: < 0.43.0-16.25.1
- (no CPE)range: < 0.43.0-16.25.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- access.redhat.com/errata/RHBA-2019:0327mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2018:3140mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2018:3505mitrevendor-advisoryx_refsource_REDHAT
- usn.ubuntu.com/3757-1/mitrevendor-advisoryx_refsource_UBUNTU
- packetstormsecurity.com/files/148661/PDFunite-0.62.0-Buffer-Overflow.htmlmitrex_refsource_MISC
- bugzilla.novell.com/show_bug.cgimitrex_refsource_CONFIRM
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
- cgit.freedesktop.org/poppler/poppler/commit/mitrex_refsource_CONFIRM
- lists.debian.org/debian-lts-announce/2018/10/msg00024.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.