Vulnerability Details : CVE-2018-20650
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2018-20650
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.72.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-20650
0.86%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-20650
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2018-20650
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-20650
-
http://www.securityfocus.com/bid/106459
Poppler CVE-2018-20650 Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2019:2022
RHSA-2019:2022 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html
[SECURITY] [DLA 3120-1] poppler security updateMailing List;Third Party Advisory
-
https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7
FileSpec: Move the fileSpec.dictLookup call inside fileSpec.isDict if (de0c0b83) · Commits · poppler / poppler · GitLabPatch;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html
[SECURITY] [DLA 1939-1] poppler security updateMailing List;Third Party Advisory
-
https://usn.ubuntu.com/3865-1/
USN-3865-1: poppler vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html
[SECURITY] [DLA 2440-1] poppler security updateMailing List;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:2713
RHSA-2019:2713 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://gitlab.freedesktop.org/poppler/poppler/issues/704
a reachable abort in FileSpec::FileSpec in FileSpec.cc (#704) · Issues · poppler / poppler · GitLabIssue Tracking;Patch;Third Party Advisory
Jump to