VDB
GCVE-110-MAGEIA-2019-92
GCVE-110-MAGEIA-2019-92
Advisory Published
An issue was discovered in Poppler 0.71.0. There is a memory leak in
GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by
pdftocairo. (CVE-2018-18897)
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef
entries, which allows remote attackers to cause a denial of service (NULL
pointer dereference) via a crafted PDF document, when XRefEntry::setFlag
in XRef.h is called from Parser::makeStream in Parser.cc. (CVE-2018-20481)
A reachable Object::getString assertion in Poppler 0.72.0 allows attackers
to cause a denial of service due to construction of invalid rich media
annotation assets in the AnnotRichMedia class in Annot.c. (CVE-2018-20551)
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers
to cause a denial of service due to the lack of a check for the dict data
type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in
pdfdetach. (CVE-2018-20650)
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer
signedness error in the XRef::getEntry function in XRef.cc) allows remote
attackers to cause a denial of service (application crash) or possibly
have unspecified other impact via a crafted PDF document, as demonstrated
by pdftocairo. (CVE-2019-7310)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | python-paramiko | 0 (affected), 2.6.0-1.mga7 (unaffected) | — |
| Mageia | poppler | 0 (affected), 0.52.0-3.11.mga6 (unaffected), 0 (affected), 0.52.0-3.11.mga6 (unaffected) | — |
Aliases
References
Updated python-paramiko packages
advisory
Browse GCVE Records
73,442 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.