Vulnerability Details CVE-2018-20551
A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.4%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- https://access.redhat.com/errata/RHSA-2019:2713
- https://gitlab.freedesktop.org/poppler/poppler/issues/703
- https://gitlab.freedesktop.org/poppler/poppler/merge_requests/146
- https://usn.ubuntu.com/3886-1/
- https://access.redhat.com/errata/RHSA-2019:2713
- https://gitlab.freedesktop.org/poppler/poppler/issues/703
- https://gitlab.freedesktop.org/poppler/poppler/merge_requests/146
- https://usn.ubuntu.com/3886-1/
Products affected by CVE-2018-20551
-
cpe:2.3:a:freedesktop:poppler:0.72.0
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.10