CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
93.4%
The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows
remote attackers to cause a denial of service (crash) via a PDF file that
triggers a parsing error, which is not properly handled by
JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory
dereference.
Author | Note |
---|---|
mdeslaur | patch was replaced in a later fix (see second commit) later fix was in USN-759-1 |