An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.
https://usn.ubuntu.com/3837-1/
https://access.redhat.com/errata/RHSA-2019:2022
https://gitlab.freedesktop.org/poppler/poppler/issues/660
Source: Mitre, NVD
Published: 2018-11-07
Updated: 2024-11-21
Base Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: Medium
Base Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 0.0015