Loop with Unreachable Exit Condition ('Infinite Loop') Affecting poppler-utils package, versions *
Threat Intelligence
EPSS
1.91% (89th percentile)
- Snyk ID SNYK-CENTOS6-POPPLERUTILS-1995732
- published 26 Jul 2021
- disclosed 28 Aug 2018
Introduced: 28 Aug 2018
CVE-2018-16646
How to fix?
There is no fixed version for Centos:6 poppler-utils.
NVD Description
Note: Versions mentioned in the description apply only to the upstream poppler-utils package and not the poppler-utils package as distributed by Centos.
See How to fix? for Centos:6 relevant fixed versions and status.
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.
References
- https://access.redhat.com/security/cve/CVE-2018-16646
- https://bugzilla.redhat.com/show_bug.cgi?id=1622951
- https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html
- https://lists.debian.org/debian-lts-announce/2018/11/msg00040.html
- https://lists.debian.org/debian-lts-announce/2018/12/msg00004.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html
- https://access.redhat.com/errata/RHSA-2019:2022
- https://usn.ubuntu.com/3837-1/
- https://usn.ubuntu.com/3837-2/