CVE-2018-20751

CVE-2018-20751

Name

CVE-2018-20751

Description

An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://sourceforge.net/p/podofo/tickets/33/
Exploit	https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-crop_page-podofo-0-9-6/

Type

URI

Exploit

https://sourceforge.net/p/podofo/tickets/33/

Exploit

https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-crop_page-podofo-0-9-6/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:podofo_project:podofo:0.9.6:::::::*`	podofo	== None	== 0.9.6

CPE URI

Source package

Min version

Max version

cpe:2.3:a:podofo_project:podofo:0.9.6:*:*:*:*:*:*:*

podofo

== None

== 0.9.6

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
podofo	edge-community	0.9.7-r0	Francesco Colista <fcolista@alpinelinux.org>	fixed
podofo	edge-community	0.9.6-r0	None	possibly vulnerable
podofo	3.22-community	0.9.7-r0	None	fixed
podofo	3.22-community	0.9.6-r0	None	possibly vulnerable
podofo	3.21-community	0.9.7-r0	None	fixed
podofo	3.20-community	0.9.7-r0	None	fixed
podofo	3.19-community	0.9.7-r0	None	fixed
podofo	3.18-community	0.9.7-r0	None	fixed
podofo	3.17-community	0.9.7-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

podofo

edge-community

0.9.7-r0

Francesco Colista <fcolista@alpinelinux.org>

fixed

podofo

edge-community