In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.
[ { "source": "https://gitlab.freedesktop.org/poppler/poppler@dcd5bd8238ea448addd102ff045badd0aca1b990", "target": { "file": "poppler/PDFDoc.cc" }, "signature_type": "Line", "deprecated": false, "id": "CVE-2022-37050-2688e38d", "digest": { "line_hashes": [ "114842602092432893778271834459282916621", "106906025405781008382997333553472705956", "297354338754434299385182409393809636327", "326917231957895818469694738405259608057" ], "threshold": 0.9 }, "signature_version": "v1" }, { "source": "https://gitlab.freedesktop.org/poppler/poppler@dcd5bd8238ea448addd102ff045badd0aca1b990", "target": { "function": "PDFDoc::savePageAs", "file": "poppler/PDFDoc.cc" }, "signature_type": "Function", "deprecated": false, "id": "CVE-2022-37050-b72075c3", "digest": { "function_hash": "233931809287936889414848428528741274552", "length": 5212.0 }, "signature_version": "v1" } ]