Unrated severityNVD Advisory· Published Aug 22, 2023· Updated Nov 3, 2025
CVE-2022-37050
CVE-2022-37050
Description
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.
Affected products
28- Poppler/Popplerdescription
- osv-coords27 versionspkg:rpm/opensuse/poppler&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/poppler-qt5&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/poppler-qt6&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/poppler&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5pkg:rpm/suse/poppler&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/poppler&distro=SUSE%20Manager%20Server%204.2pkg:rpm/suse/poppler-qt5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 22.01.0-150400.3.11.2+ 26 more
- (no CPE)range: < 22.01.0-150400.3.11.2
- (no CPE)range: < 22.01.0-150400.3.11.2
- (no CPE)range: < 22.01.0-150400.3.11.2
- (no CPE)range: < 0.79.0-150200.3.21.2
- (no CPE)range: < 0.62.0-150000.4.25.2
- (no CPE)range: < 0.79.0-150200.3.21.2
- (no CPE)range: < 0.79.0-150200.3.21.2
- (no CPE)range: < 0.79.0-150200.3.21.2
- (no CPE)range: < 22.01.0-150400.3.11.2
- (no CPE)range: < 0.79.0-150200.3.21.2
- (no CPE)range: < 22.01.0-150400.3.11.2
- (no CPE)range: < 0.43.0-16.35.2
- (no CPE)range: < 0.62.0-150000.4.25.2
- (no CPE)range: < 0.79.0-150200.3.21.2
- (no CPE)range: < 0.79.0-150200.3.21.2
- (no CPE)range: < 0.43.0-16.35.2
- (no CPE)range: < 0.62.0-150000.4.25.2
- (no CPE)range: < 0.79.0-150200.3.21.2
- (no CPE)range: < 0.79.0-150200.3.21.2
- (no CPE)range: < 0.24.4-14.36.2
- (no CPE)range: < 22.01.0-150400.3.11.2
- (no CPE)range: < 0.79.0-150200.3.21.2
- (no CPE)range: < 0.79.0-150200.3.21.2
- (no CPE)range: < 22.01.0-150400.3.11.2
- (no CPE)range: < 0.43.0-16.35.2
- (no CPE)range: < 0.43.0-16.35.2
- (no CPE)range: < 0.43.0-16.35.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.