VDB

GCVE-VVD-MAGEIA-2018-290

GCVE-VVD-MAGEIA-2018-290
Advisory Published
Vulnetix · Advisory published June 19, 2018
The updated packages fix security vulnerabilities: The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. (CVE-2017-18267) There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected. (CVE-2018-10768)
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiapoppler0 (affected), 0.26.5-2.9.mga5 (unaffected)
Mageiapoppler0 (affected), 0.52.0-3.7.mga6 (unaffected)

References

Updated poppler packages fix security vulnerability
advisory
Updated poppler packages fix security vulnerability
issue
Updated poppler packages fix security vulnerability
issue
Updated poppler packages fix security vulnerability
advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›