Fluid Attacks Database

Description

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	poppler	>=0 <0.38.0-2	0.38.0-2
debian 13	poppler	>=0 <0.38.0-2	0.38.0-2
rpm rhel7	rest	<0:0.8.1-2.el7	0:0.8.1-2.el7
rpm rhel7	librsvg2	<0:2.40.20-1.el7	0:2.40.20-1.el7
rpm rhel7	gjs	<0:1.52.3-1.el7	0:1.52.3-1.el7
rpm rhel7	gssdp	<0:1.0.2-1.el7	0:1.0.2-1.el7
rpm rhel7	freetype	<0:2.8-12.el7	0:2.8-12.el7
rpm rhel7	brasero	<0:3.12.2-5.el7	0:3.12.2-5.el7
rpm rhel7	gnome-initial-setup	<0:3.28.0-1.el7	0:3.28.0-1.el7
rpm rhel7	libappstream-glib	<0:0.7.8-2.el7	0:0.7.8-2.el7

1-10 of 150

Aliases

1. CVE-2018-107682. NVD-2018-107683. OSV-DEBIAN-2018-107684. OSV-2018-107685. SECURITY-TRACKER-CVE-2018-10768

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.