1. Home
  2. CVE Database
  3. CVE-2018-19058
MEDIUM · 6.5

CVE-2018-19058

An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded f...

Vulnerability Description

An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
FreedesktopPoppler0.71.0
CanonicalUbuntu Linux14.04
DebianDebian Linux8.0
RedhatEnterprise Linux Desktop7.0
RedhatEnterprise Linux Server7.0
RedhatEnterprise Linux Workstation7.0

Related Weaknesses (CWE)

CWE-670

References

FAQ

What is CVE-2018-19058?

CVE-2018-19058 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded f...

How severe is CVE-2018-19058?

CVE-2018-19058 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-19058?

Check the references section above for vendor advisories and patch information. Affected products include: Freedesktop Poppler, Canonical Ubuntu Linux, Debian Debian Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server.