4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.011 Low
EPSS
Percentile
84.4%
The PostScriptFunction::PostScriptFunction function in poppler/Function.cc
in the PDF parser in poppler 0.8.7 and possibly other versions up to
0.15.1, and possibly other products, allows context-dependent attackers to
cause a denial of service (crash) via a PDF file that triggers an
uninitialized pointer dereference.
Author | Note |
---|---|
mdeslaur | only affect poppler versions after b1d4efb082 |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | ipe | < any | UNKNOWN |
ubuntu | 20.04 | noarch | ipe | < any | UNKNOWN |
ubuntu | 22.04 | noarch | ipe | < any | UNKNOWN |
ubuntu | 23.10 | noarch | ipe | < any | UNKNOWN |
ubuntu | 24.04 | noarch | ipe | < any | UNKNOWN |
ubuntu | 16.04 | noarch | ipe | < any | UNKNOWN |
ubuntu | 9.10 | noarch | poppler | < 0.12.0-0ubuntu2.3 | UNKNOWN |
ubuntu | 10.04 | noarch | poppler | < 0.12.4-0ubuntu5.1 | UNKNOWN |
ubuntu | 10.10 | noarch | poppler | < 0.14.3-0ubuntu1.1 | UNKNOWN |
ubuntu | 9.10 | noarch | xpdf | < 3.02-1.4ubuntu2.9.10.2 | UNKNOWN |