CVE-2018-13988
6.5
MEDIUM
CVSS 3.1
EPSS 0.70%
Description
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.
How to fix CVE-2018-13988
To remediate CVE-2018-13988, upgrade the affected package to a fixed version below.
- Debian/poppler: upgrade to 0.69.0-2 or later
Is CVE-2018-13988 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.69.0-2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |