Vulnerability Details : CVE-2018-13988
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2018-13988
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ansible_tower:3.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-13988
0.86%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 82 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-13988
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST | |
|
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2018-13988
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-13988
-
https://access.redhat.com/errata/RHSA-2018:3140
RHSA-2018:3140 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHBA-2019:0327
RHBA-2019:0327 - Bug Fix Advisory - Red Hat Customer PortalThird Party Advisory
-
https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee
poppler/poppler - The poppler pdf rendering library (mirrored from https://gitlab.freedesktop.org/poppler/poppler)Patch;Vendor Advisory
-
https://access.redhat.com/errata/RHSA-2018:3505
RHSA-2018:3505 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1602838
1602838 – (CVE-2018-13988) CVE-2018-13988 poppler: out of bounds read in pdfuniteIssue Tracking;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html
[SECURITY] [DLA 1562-1] poppler security updateMailing List;Third Party Advisory
-
http://packetstormsecurity.com/files/148661/PDFunite-0.62.0-Buffer-Overflow.html
PDFunite 0.62.0 Buffer Overflow ≈ Packet StormThird Party Advisory;VDB Entry
-
https://usn.ubuntu.com/3757-1/
USN-3757-1: poppler vulnerability | Ubuntu security noticesThird Party Advisory
-
https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-13988
Bug 1102531 – VUL-1: poppler: CVE-2018-13988 poppler: buffer overflow in pdfuniteIssue Tracking;Third Party Advisory
Jump to