A flaw was found in Poppler 0.72.0. A reachable Object::getString assertion allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.
Created mingw-poppler tracking bugs for this issue:
Affects: fedora-all [bug 1665261]
Created poppler tracking bugs for this issue:
Affects: fedora-all [bug 1665260]
Unable to reproduce this on Red Hat Enterprise Linux 5,6 or 7.
pdfdetach -save 1 poc1.pdf
Syntax Error: End of file inside dictionary
Syntax Warning: No valid XRef size in trailer
Syntax Error: Bad bounding box for annotation
Command Line Error: Invalid file number
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2019:2713 https://access.redhat.com/errata/RHSA-2019:2713
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):