OSV-2023-728

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/poppler/OSV-2023-728.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2023-728

Published

2023-08-24T14:00:27.838220Z

Modified

2024-04-29T14:13:55.378729Z

Summary

Use-of-uninitialized-value in aesEncryptBlock

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61670

Crash type: Use-of-uninitialized-value
Crash state:
aesEncryptBlock
EncryptStream::lookChar
BaseCryptStream::getChar

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61670

Affected packages

OSS-Fuzz / poppler

Package

Name: poppler
Purl: pkg:generic/poppler

Affected ranges

Type: GIT
Repo: https://gitlab.freedesktop.org/poppler/poppler.git
Events: Introduced

2c403ec533ad9ad821c37e3f80f8f361ce9cdea8

Fixed

0ad01ca51e6b6e061ba85db5b906dfc299dba8e1

Affected versions

poppler-23.*

poppler-23.07.0

poppler-23.08.0

poppler-23.09.0

poppler-23.10.0

poppler-23.11.0

poppler-23.12.0

poppler-24.*

poppler-24.01.0

poppler-24.02.0

Ecosystem specific

{
    "severity": "MEDIUM"
}

Database specific

{
    "introduced_range": "6ebe45e8dceae11d02c74df47c34f4490a45a15e:d9d1550a3e337e041cf2801dfcb0366fcb5b16d0",
    "fixed_range": "3d8dac5ec9f1cdedada07c4c2fc02e43d5e14f9e:0ad01ca51e6b6e061ba85db5b906dfc299dba8e1"
}