Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-13988

Good to know:

icon

Date: July 25, 2018

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.

Language: SHELL

Severity Score

Related Resources (13)

https://bugzilla.redhat.com/show_bug.cgi?id=1602838
https://usn.ubuntu.com/3757-1/
https://access.redhat.com/errata/RHSA-2018:3140
https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-13988
https://access.redhat.com/errata/RHSA-2018:3505
https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html
https://access.redhat.com/security/cve/CVE-2018-13988
http://packetstormsecurity.com/files/148661/PDFunite-0.62.0-Buffer-Overflow.html
https://nvd.nist.gov/vuln/detail/CVE-2018-13988
https://security-tracker.debian.org/tracker/CVE-2018-13988
https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee
https://access.redhat.com/errata/RHBA-2019:0327
https://www.mend.io/vulnerability-database/CVE-2018-13988

Severity Score

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

Top Fix

icon

Upgrade Version

Upgrade to version poppler-0.63.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us