Poppler < 0.70.0 Denial of Service Vulnerability (CVE-2018-19149)
Medium Nessus Plugin ID 119685
SynopsisA package installed on the remote host is affected by a denial of service vulnerability.
DescriptionThe version of Poppler installed on the remote host is prior to 0.70.0. It is, therefore, affected by a denial of service (DoS) vulnerability in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment due to a NULL pointer dereference. A local attacker can exploit this issue to cause an application that uses poppler to render PDFs to stop responding.
SolutionUpgrade to Poppler version 0.70.0 or later.