Always-Incorrect Control Flow Implementation

CVE-2018-19058

Medium

6.5/10

Summary

An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-670 - Always-Incorrect Control Flow Implementation

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

References

Advisory Timeline

Published Nov 07, 2018

Always-Incorrect Control Flow Implementation

CVE-2018-19058

Summary

CWE-670 - Always-Incorrect Control Flow Implementation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS