Fluid Attacks Database

Description

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	poppler	>=0 <0.69.0-2	0.69.0-2
debian 11	poppler	>=0 <0.69.0-2	0.69.0-2
debian 13	poppler	>=0 <0.69.0-2	0.69.0-2
debian 14	poppler	>=0 <0.69.0-2	0.69.0-2
rpm rhel7	librsvg2	<0:2.40.20-1.el7	0:2.40.20-1.el7
rpm rhel7	pyatspi	<0:2.26.0-3.el7	0:2.26.0-3.el7
rpm rhel7	dconf-editor	<0:3.28.0-1.el7	0:3.28.0-1.el7
rpm rhel7	libgxps	<0:0.3.0-4.el7	0:0.3.0-4.el7
rpm rhel7	libsecret	<0:0.18.6-1.el7	0:0.18.6-1.el7
rpm rhel7	mutter	<0:3.28.3-4.el7	0:3.28.3-4.el7

1-10 of 152

Aliases

1. CVE-2018-139882. NVD-2018-139883. OSV-DEBIAN-2018-139884. OSV-2018-139885. SECURITY-TRACKER-CVE-2018-13988

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.