Poppler < 0.70.0 Denial of Service Vulnerability (CVE-2018-19149)

Medium Nessus Plugin ID 119685


A package installed on the remote host is affected by a denial of service vulnerability.


The version of Poppler installed on the remote host is prior to 0.70.0. It is, therefore, affected by a denial of service (DoS) vulnerability in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment due to a NULL pointer dereference. A local attacker can exploit this issue to cause an application that uses poppler to render PDFs to stop responding.


Upgrade to Poppler version 0.70.0 or later.

See Also


Plugin Details

Severity: Medium

ID: 119685

File Name: poppler_0_70.nasl

Version: 1.2

Type: local

Family: Misc.

Published: 2018/12/14

Updated: 2019/01/04

Dependencies: 12634, 83991

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2018-19149

CVSS v2.0

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: cpe:/a:freedesktop:poppler

Required KB Items: Host/local_checks_enabled

Patch Publication Date: 2018/10/22

Vulnerability Publication Date: 2018/11/08

Reference Information

CVE: CVE-2018-19149

BID: 106031