OSV-2024-345

Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/poppler/OSV-2024-345.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2024-345
Published
2024-04-30T00:03:14.686810Z
Modified
2024-05-27T14:03:03.110153Z
Summary
Use-of-uninitialized-value in aesEncryptBlock
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67066

Crash type: Use-of-uninitialized-value
Crash state:
aesEncryptBlock
EncryptStream::lookChar
BaseCryptStream::getChar
References

Affected packages

OSS-Fuzz / poppler

Package

Name
poppler
Purl
pkg:generic/poppler

Affected ranges

Type
GIT
Repo
https://gitlab.freedesktop.org/poppler/poppler.git
Events

Affected versions

poppler-23.*

poppler-23.07.0
poppler-23.08.0
poppler-23.09.0
poppler-23.10.0
poppler-23.11.0
poppler-23.12.0

poppler-24.*

poppler-24.01.0
poppler-24.02.0
poppler-24.03.0
poppler-24.04.0
poppler-24.05.0

Ecosystem specific

{
    "severity": "MEDIUM"
}

Database specific

{
    "introduced_range": "6ebe45e8dceae11d02c74df47c34f4490a45a15e:d9d1550a3e337e041cf2801dfcb0366fcb5b16d0",
    "fixed_range": "d40bb7e308c9e3299e50d3e2880229cd6272587e:fceaba5461e276121e50d858169a53f7434b1e05"
}