{"id":"CVE-2018-10768","details":"There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.","modified":"2026-04-11T12:06:34.087234Z","published":"2018-05-06T23:29:00.300Z","related":["MGASA-2018-0290","SUSE-SU-2020:1626-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"3.3"}],"cpe":"cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"14.04"}],"cpe":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"7.0"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"7.0"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"7.0"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"}]},"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHBA-2019:0327"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3140"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3505"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3647-1/"},{"type":"FIX","url":"https://bugs.freedesktop.org/show_bug.cgi?id=106408"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/poppler/poppler","events":[{"introduced":"0"},{"fixed":"88415426df363f1ef86b741cbc3587a89d31aa1f"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"0.41.0"}],"cpe":"cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*"}}],"versions":["poppler-0.10.0","poppler-0.11.0","poppler-0.11.1","poppler-0.11.2","poppler-0.11.3","poppler-0.12.0","poppler-0.13.1","poppler-0.13.2","poppler-0.13.3","poppler-0.13.4","poppler-0.14.0","poppler-0.15.0","poppler-0.15.1","poppler-0.15.2","poppler-0.15.3","poppler-0.16.0","poppler-0.17.0","poppler-0.17.1","poppler-0.17.2","poppler-0.17.3","poppler-0.17.4","poppler-0.18.0","poppler-0.19.0","poppler-0.19.1","poppler-0.19.2","poppler-0.19.3","poppler-0.19.4","poppler-0.2.0","poppler-0.20.0","poppler-0.21.0","poppler-0.21.1","poppler-0.21.3","poppler-0.21.4","poppler-0.22.0","poppler-0.23.0","poppler-0.23.1","poppler-0.23.2","poppler-0.23.3","poppler-0.23.4","poppler-0.24.0","poppler-0.25.0","poppler-0.25.1","poppler-0.25.2","poppler-0.25.3","poppler-0.26.0","poppler-0.28.0","poppler-0.28.1","poppler-0.29.0","poppler-0.3.0","poppler-0.3.1","poppler-0.3.2","poppler-0.3.3","poppler-0.30.0","poppler-0.31.0","poppler-0.32.0","poppler-0.33.0","poppler-0.34.0","poppler-0.35.0","poppler-0.36","poppler-0.37","poppler-0.38.0","poppler-0.39","poppler-0.4.0","poppler-0.40.0","poppler-0.5.0","poppler-0.5.1","poppler-0.5.2","poppler-0.5.3","poppler-0.5.4","poppler-0.6.0","poppler-0.6.0.RC1","poppler-0.7.0","poppler-0.7.2","poppler-0.7.3","poppler-0.8.0","poppler-0.9.0","poppler-0.9.1","poppler-0.9.2","poppler-0.9.3","poppler-before-fontconfig"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10768.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}