Bug 2293594 (CVE-2024-6239) - CVE-2024-6239 poppler: pdfinfo: crash in broken documents when using -dests parameter
Summary: CVE-2024-6239 poppler: pdfinfo: crash in broken documents when using -dests p...
Keywords:
Status: NEW
Alias: CVE-2024-6239
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2293596 2293595
Blocks: 2293598
TreeView+ depends on / blocked
 
Reported: 2024-06-21 04:41 UTC by TEJ RATHI
Modified: 2024-06-21 13:02 UTC (History)
0 users

Fixed In Version: poppler 24.06.0
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description TEJ RATHI 2024-06-21 04:41:42 UTC 
A vulnerability in Poppler's `pdfinfo` causes the program to crash when processing certain malformed input files. A denial of service by crashing the `pdfinfo` program. 

*Component affected:*
Poppler's `pdfinfo` utility.

*Version affected:*
<= 24.06.0 

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1489
https://gitlab.freedesktop.org/poppler/poppler/-/commit/0554731052d1a97745cb179ab0d45620589dd9c4
Comment 1 TEJ RATHI 2024-06-21 04:44:37 UTC 
Created mingw-poppler tracking bugs for this issue:

Affects: fedora-all [bug 2293595]


Created poppler tracking bugs for this issue:

Affects: fedora-all [bug 2293596]
Note You need to log in before you can comment on or make changes to this bug.