NULL Pointer Dereference in Poppler 0.71.0 Leads to Denial of Service

NULL Pointer Dereference in Poppler 0.71.0 Leads to Denial of Service

CVE-2018-19060 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.

Learn more about our Web Application Penetration Testing UK.