A vulnerability in the EmbFile::save2 function of Poppler could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability is due to insufficient stream checks by the EmbFile::save2 function, as defined in the FileSpec.cc source code file of the affected software, before an embedded file is saved. An attacker could exploit this vulnerability by persuading a user to access an embedded file that submits malicious input to the targeted system. A successful exploit could cause a reachable abort condition in the Object.h file, which could result in a DoS condition.
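The failure pattern described above, as an added example that is not Poppler's code and not taken from the patch: a typed accessor that aborts on a type mismatch, shown with an unchecked save beside one that validates the object type first. The names Obj, ObjType, streamData, saveUnchecked and saveChecked are hypothetical, and the inputs are constructed.

```cpp
#include <cstdio>
#include <cstdlib>
#include <string>
#include <utility>

// Simplified stand-in for a parsed PDF object (a model, not Poppler's Object.h):
// a tagged value whose typed accessor aborts when the tag does not match.
enum class ObjType { Null, Dict, Stream };

class Obj {
public:
    Obj(ObjType t, std::string bytes = {}) : type_(t), data_(std::move(bytes)) {}
    bool isStream() const { return type_ == ObjType::Stream; }
    // Calling this on a non-stream is treated as a programming error.
    const std::string &streamData() const {
        if (!isStream()) {
            std::fprintf(stderr, "type mismatch: object is not a stream\n");
            std::abort();  // the reachable abort: the whole process dies (DoS)
        }
        return data_;
    }
private:
    ObjType type_;
    std::string data_;
};

// Unchecked save: assumes the embedded-file entry is always a stream.
// A document that supplies any other object type reaches the abort above.
bool saveUnchecked(const Obj &o, std::string &out) {
    out = o.streamData();
    return true;
}

// Checked save: validate the type of document-controlled data first, so a
// malformed file fails this one operation instead of ending the process.
bool saveChecked(const Obj &o, std::string &out) {
    if (!o.isStream())
        return false;
    out = o.streamData();
    return true;
}

int main() {
    std::string out;
    bool okBad = saveChecked(Obj(ObjType::Dict), out);              // constructed malformed input
    bool okGood = saveChecked(Obj(ObjType::Stream, "hello"), out);  // constructed valid input
    std::printf("bad=%d good=%d out=%s\n", okBad, okGood, out.c_str());
    return 0;
}
```

Any caller that saves embedded files has to treat a false return as a failed save rather than ignore it.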
Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.
Poppler has confirmed the vulnerability and released a software patch.
Security Impact Rating: Low