{"id":"CVE-2018-21009","details":"Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.","modified":"2026-03-12T22:51:17.133900Z","published":"2019-09-05T04:15:09.870Z","related":["SUSE-SU-2023:2838-1","SUSE-SU-2023:2906-1","SUSE-SU-2023:2907-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"},{"type":"FIX","url":"https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/poppler/poppler","events":[{"introduced":"0"},{"fixed":"e0eb356d85e2b43751af6ea7ccd753833f8f967c"},{"fixed":"0868c499a9f5f37f8df5c9fef03c37496b40fc8a"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.76.0"}]}}],"versions":["poppler-0.10.0","poppler-0.11.0","poppler-0.11.1","poppler-0.11.2","poppler-0.11.3","poppler-0.12.0","poppler-0.13.1","poppler-0.13.2","poppler-0.13.3","poppler-0.13.4","poppler-0.14.0","poppler-0.15.0","poppler-0.15.1","poppler-0.15.2","poppler-0.15.3","poppler-0.16.0","poppler-0.17.0","poppler-0.17.1","poppler-0.17.2","poppler-0.17.3","poppler-0.17.4","poppler-0.18.0","poppler-0.19.0","poppler-0.19.1","poppler-0.19.2","poppler-0.19.3","poppler-0.19.4","poppler-0.2.0","poppler-0.20.0","poppler-0.20.1","poppler-0.20.2","poppler-0.20.3","poppler-0.20.4","poppler-0.20.5","poppler-0.21.0","poppler-0.21.1","poppler-0.21.2","poppler-0.21.3","poppler-0.21.4","poppler-0.22.0","poppler-0.22.1","poppler-0.22.2","poppler-0.22.3","poppler-0.22.4","poppler-0.23.0","poppler-0.23.1","poppler-0.23.2","poppler-0.23.3","poppler-0.23.4","poppler-0.24.0","poppler-0.24.1","poppler-0.24.2","poppler-0.24.3","poppler-0.24.4","poppler-0.24.5","poppler-0.25.0","poppler-0.25.1","poppler-0.25.2","poppler-0.25.3","poppler-0.26.0","poppler-0.26.1","poppler-0.26.2","poppler-0.26.3","poppler-0.26.4","poppler-0.28.0","poppler-0.28.1","poppler-0.29.0","poppler-0.3.0","poppler-0.3.1","poppler-0.3.2","poppler-0.3.3","poppler-0.30.0","poppler-0.31.0","poppler-0.32.0","poppler-0.33.0","poppler-0.34.0","poppler-0.35.0","poppler-0.36","poppler-0.37","poppler-0.38.0","poppler-0.39","poppler-0.4.0","poppler-0.40.0","poppler-0.41.0","poppler-0.42.0","poppler-0.43","poppler-0.44","poppler-0.45","poppler-0.46","poppler-0.47","poppler-0.48","poppler-0.49","poppler-0.5.0","poppler-0.5.1","poppler-0.5.2","poppler-0.5.3","poppler-0.5.4","poppler-0.50","poppler-0.51","poppler-0.52","poppler-0.53","poppler-0.54","poppler-0.55","poppler-0.56","poppler-0.57","poppler-0.58","poppler-0.59","poppler-0.6.0","poppler-0.6.0.RC1","poppler-0.60","poppler-0.60.1","poppler-0.61","poppler-0.61.1","poppler-0.62.0","poppler-0.63.0","poppler-0.64.0","poppler-0.65.0","poppler-0.66.0","poppler-0.67.0","poppler-0.68.0","poppler-0.69.0","poppler-0.7.0","poppler-0.7.1","poppler-0.7.2","poppler-0.7.3","poppler-0.70.0","poppler-0.70.1","poppler-0.71.0","poppler-0.72.0","poppler-0.73.0","poppler-0.74.0","poppler-0.75.0","poppler-0.8.0","poppler-0.9.0","poppler-0.9.1","poppler-0.9.2","poppler-0.9.3","poppler-before-fontconfig"],"database_specific":{"vanir_signatures":[{"deprecated":false,"id":"CVE-2018-21009-48bf8395","target":{"file":"poppler/Parser.cc"},"signature_type":"Line","digest":{"line_hashes":["154375407315414143549880905028037258126","82182342157428160508916575157957765478","264751418982462844016162579247917897248","64969021713010401978135441366154185423","213486778590520558100284425021732335989"],"threshold":0.9},"signature_version":"v1","source":"https://gitlab.freedesktop.org/poppler/poppler@0868c499a9f5f37f8df5c9fef03c37496b40fc8a"},{"deprecated":false,"id":"CVE-2018-21009-c803942f","target":{"file":"poppler/Parser.cc","function":"Parser::makeStream"},"signature_type":"Function","digest":{"length":1657,"function_hash":"112702152531844563030401939967697747850"},"signature_version":"v1","source":"https://gitlab.freedesktop.org/poppler/poppler@0868c499a9f5f37f8df5c9fef03c37496b40fc8a"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-21009.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}