CVE-2024-6239

A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2024-6239	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2293594	Issue Tracking Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

History

24 Jun 2024, 19:06

Type	Values Removed	Values Added
CPE		cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:a:freedesktop:poppler:::::::: cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
First Time		Redhat Redhat enterprise Linux Freedesktop poppler Freedesktop
References	~~() https://access.redhat.com/security/cve/CVE-2024-6239 -~~	() https://access.redhat.com/security/cve/CVE-2024-6239 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2293594 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2293594 - Issue Tracking, Patch, Third Party Advisory
Summary		(es) Se encontró una falla en la utilidad Pdfinfo de Poppler. Este problema ocurre cuando se usa el parámetro -dests con la utilidad pdfinfo. Al utilizar ciertos archivos de entrada con formato incorrecto, un atacante podría provocar que la utilidad fallara, lo que provocaría una denegación de servicio.
CVSS	v2 : ~~unknown~~ v3 : ~~6.5~~	v2 : unknown v3 : 7.5
CWE		NVD-CWE-noinfo

21 Jun 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-21 14:15

Updated : 2024-06-24 19:06

NVD link : CVE-2024-6239

Mitre link : CVE-2024-6239

CVE.ORG link : CVE-2024-6239

JSON object : View

Products Affected

redhat

enterprise_linux

freedesktop

poppler

CWE

NVD-CWE-noinfo CWE-20

Improper Input Validation

{"id": "CVE-2024-6239", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-06-21T14:15:14.007", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-6239", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293594", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en la utilidad Pdfinfo de Poppler. Este problema ocurre cuando se usa el par\u00e1metro -dests con la utilidad pdfinfo. Al utilizar ciertos archivos de entrada con formato incorrecto, un atacante podr\u00eda provocar que la utilidad fallara, lo que provocar\u00eda una denegaci\u00f3n de servicio."}], "lastModified": "2024-06-24T19:06:27.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D378E45-D903-4883-931C-871444E32714", "versionEndExcluding": "24.06.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}