Fluid Attacks Database

Description

A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	poppler	>=0 <0.85.0-2	0.85.0-2
debian 14	poppler	>=0 <0.85.0-2	0.85.0-2
debian 11	poppler	>=0 <0.85.0-2	0.85.0-2
rpm rhel7	okular	<0:4.10.5-7.el7	0:4.10.5-7.el7
debian 12	poppler	>=0 <0.85.0-2	0.85.0-2
rpm rhel7	evince	<0:3.28.2-8.el7	0:3.28.2-8.el7
rpm rhel5	poppler	-	-
rpm rhel7	poppler	<0:0.26.5-38.el7	0:0.26.5-38.el7
rpm rhel6	poppler	-	-
rpm rhel8	poppler	<0:0.66.0-11.el8_0.12	0:0.66.0-11.el8_0.12

Aliases

1. CVE-2018-206502. NVD-2018-206503. OSV-DEBIAN-2018-206504. OSV-2018-206505. SECURITY-TRACKER-CVE-2018-20650

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.