CVE-2018-19060

Sažetak

An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.

Reference

https://access.redhat.com/errata/RHSA-2019:2022
https://gitlab.freedesktop.org/poppler/poppler/issues/660
https://usn.ubuntu.com/3837-1/

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

06-08-2019 - 17:15

Objavljeno

07-11-2018 - 16:29