CVE-2018-19060 in FreeDesktop and Canonical Products
Published on November 7, 2018
An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.
Products Associated with CVE-2018-19060
stack.watch emails you whenever new vulnerabilities are published in FreeDesktop Poppler or Canonical Ubuntu Linux. Just hit a watch button to start following.
Exploit Probability
EPSS
0.15%
Percentile
35.26%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.