poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service NULL pointer dereference via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc...

PT-2018-13669 · Artifex +1 · Mupdf +1

Name of the Vulnerable Software and Affected Versions: Artifex MuPDF version 1.13.0 Description: The issue allows remote attackers to cause a denial of service, resulting in a segmentation fault, via a crafted pdf file. This occurs due to a problem in the pdf get xref entry function...