Vulnerability Details: CVE-2022-37051
An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.
Vulnerability category: Denial of service
Products affected by CVE-2022-37051
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:22.07.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-37051
- 0.08%: probability of exploitation activity in the next 30 days
- ~ 35%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-37051
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2022-37051
- The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-37051
- https://gitlab.freedesktop.org/poppler/poppler/-/commit/4631115647c1e4f0482ffe0491c2f38d2231337b
  Check isDict before calling getDict (46311156) · Commits · poppler / poppler · GitLab (Patch)
- https://gitlab.freedesktop.org/poppler/poppler/-/issues/1276
  SIGABRT at poppler/Object.h:435 (pdfunite) (#1276) · Issues · poppler / poppler · GitLab (Exploit; Issue Tracking)
- https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html
  [SECURITY] [DLA 3620-1] poppler security update (Mailing List; Third Party Advisory)