CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-19060

An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 36.2%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.3

References

https://access.redhat.com/errata/RHSA-2019:2022
https://gitlab.freedesktop.org/poppler/poppler/issues/660
https://usn.ubuntu.com/3837-1/
https://access.redhat.com/errata/RHSA-2019:2022
https://gitlab.freedesktop.org/poppler/poppler/issues/660
https://usn.ubuntu.com/3837-1/

Products affected by CVE-2018-19060

Freedesktop » Poppler » Version: 0.71.0

cpe:2.3:a:freedesktop:poppler:0.71.0
Canonical » Ubuntu Linux » Version: 14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04
Canonical » Ubuntu Linux » Version: 16.04

cpe:2.3:o:canonical:ubuntu_linux:16.04
Canonical » Ubuntu Linux » Version: 18.04

cpe:2.3:o:canonical:ubuntu_linux:18.04
Canonical » Ubuntu Linux » Version: 18.10

cpe:2.3:o:canonical:ubuntu_linux:18.10

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-19060

Products

Pricing

Contact Us