CVE-2018-19059

An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "cpes": [
                "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"
            ],
            "vendor_product": "canonical:ubuntu_linux",
            "extracted_events": [
                {
                    "last_affected": "14.04"
                },
                {
                    "last_affected": "16.04"
                },
                {
                    "last_affected": "18.04"
                },
                {
                    "last_affected": "18.10"
                }
            ]
        }
    ]
}

References

CVE-2018-19059

Affected packages