6.5
CVE-2018-16646
- EPSS 2.88%
- Veröffentlicht 06.09.2018 23:29:01
- Zuletzt bearbeitet 21.11.2024 03:53:08
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Freedesktop ≫ Poppler Version0.68.0
Debian ≫ Debian Linux Version8.0
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version18.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.88% | 0.85 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html
https://access.redhat.com/errata/RHSA-2019:2022
https://bugzilla.redhat.com/show_bug.cgi?id=1622951
https://lists.debian.org/debian-lts-announce/2018/11/msg00040.html
https://lists.debian.org/debian-lts-announce/2018/12/msg00004.html
https://usn.ubuntu.com/3837-1/
https://usn.ubuntu.com/3837-2/