In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.
[ { "source": "https://gitlab.freedesktop.org/poppler/poppler@dcd5bd8238ea448addd102ff045badd0aca1b990", "signature_version": "v1", "target": { "file": "poppler/PDFDoc.cc" }, "digest": { "line_hashes": [ "114842602092432893778271834459282916621", "106906025405781008382997333553472705956", "297354338754434299385182409393809636327", "326917231957895818469694738405259608057" ], "threshold": 0.9 }, "deprecated": false, "signature_type": "Line", "id": "CVE-2022-37050-2688e38d" }, { "source": "https://gitlab.freedesktop.org/poppler/poppler@dcd5bd8238ea448addd102ff045badd0aca1b990", "signature_version": "v1", "target": { "file": "poppler/PDFDoc.cc", "function": "PDFDoc::savePageAs" }, "digest": { "length": 5212.0, "function_hash": "233931809287936889414848428528741274552" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2022-37050-b72075c3" } ]