NULL Pointer Dereference in AnnotPath::getCoordsLength Function in Poppler 0.24.5

NULL Pointer Dereference in AnnotPath::getCoordsLength Function in Poppler 0.24.5

CVE-2018-10768 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.

Learn more about our Cis Benchmark Audit For Ubuntu Linux.