NULL Pointer Dereference in XRef::getEntry in Poppler 0.72.0

NULL Pointer Dereference in XRef::getEntry in Poppler 0.72.0

CVE-2018-20481 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.

Learn more about our Web Application Penetration Testing UK.