Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Poppler | Freedesktop | * | 0.70.0 (excluding) |
| Red Hat Enterprise Linux 7 | RedHat | evince-0:3.28.2-8.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | okular-0:4.10.5-7.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | poppler-0:0.26.5-38.el7 | * |
| Poppler | Ubuntu | bionic | * |
| Poppler | Ubuntu | cosmic | * |
| Poppler | Ubuntu | esm-infra/bionic | * |
| Poppler | Ubuntu | esm-infra/xenial | * |
| Poppler | Ubuntu | trusty | * |
| Poppler | Ubuntu | xenial | * |
Potential Mitigations
References
- http://www.securityfocus.com/bid/106031
- https://access.redhat.com/errata/RHSA-2019:2022
- https://gitlab.freedesktop.org/poppler/poppler/issues/664
- https://security.gentoo.org/glsa/201904-04
- https://usn.ubuntu.com/3837-1/
- https://usn.ubuntu.com/3837-2/
- http://www.securityfocus.com/bid/106031
- https://access.redhat.com/errata/RHSA-2019:2022
- https://gitlab.freedesktop.org/poppler/poppler/issues/664
- https://security.gentoo.org/glsa/201904-04
- https://usn.ubuntu.com/3837-1/
- https://usn.ubuntu.com/3837-2/