6.5

CVE-2022-37052

Exploit
A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreedesktopPoppler Version22.07.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.9% 0.55
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://gitlab.freedesktop.org/poppler/poppler/-/commit/8677500399fc2548fa816b619580c2c07915a98c
Patch
https://gitlab.freedesktop.org/poppler/poppler/-/issues/1278
Exploit
Issue Tracking
https://lists.debian.org/debian-lts-announce/2025/04/msg00037.html