Login Sign Up

CVE-2024-6239

7.5 HIGH
Denial of Service

📋 TL;DR

A vulnerability in Poppler's Pdfinfo utility allows attackers to cause denial of service by crashing the application when using the -dests parameter with specially crafted PDF files. This affects systems running vulnerable versions of Poppler's pdfinfo tool. The impact is limited to availability of the pdfinfo utility itself.

💻 Affected Systems

Products:
  • Poppler pdfinfo utility
Versions: Versions prior to the fix (specific version numbers not provided in CVE references)
Operating Systems: Linux distributions with Poppler packages, Any OS running vulnerable Poppler
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects pdfinfo when using the -dests parameter with malicious PDF files.

📦 What is this software?

Enterprise Linux by Redhat

View all CVEs affecting Enterprise Linux →

Enterprise Linux by Redhat

View all CVEs affecting Enterprise Linux →

Enterprise Linux by Redhat

View all CVEs affecting Enterprise Linux →

Poppler by Freedesktop

View all CVEs affecting Poppler →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete denial of service for pdfinfo utility, potentially disrupting PDF processing workflows that rely on this tool.

🟠

Likely Case

Temporary unavailability of pdfinfo utility when processing malicious PDF files, requiring restart of the process.

🟢

If Mitigated

Minimal impact if pdfinfo is not exposed to untrusted input or if patched versions are used.

🌐 Internet-Facing: LOW - pdfinfo is typically a command-line utility not directly exposed to internet traffic.
🏢 Internal Only: MEDIUM - Could be exploited by malicious internal users or through processing of untrusted PDF files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires ability to provide malicious PDF input to pdfinfo with -dests parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Red Hat advisories RHSA-2024:5305 and RHSA-2024:9167 for specific patched versions

Vendor Advisory: https://access.redhat.com/security/cve/CVE-2024-6239

Restart Required: No

Instructions:

1. Update Poppler packages using your distribution's package manager. 2. For Red Hat systems: 'yum update poppler' or 'dnf update poppler'. 3. Verify the update installed successfully.

🔧 Temporary Workarounds

Avoid -dests parameter

all

Do not use the -dests parameter with pdfinfo when processing untrusted PDF files

Input validation

all

Validate PDF files before processing with pdfinfo, especially when using -dests parameter

🧯 If You Can't Patch

  • Restrict access to pdfinfo utility to trusted users only
  • Implement strict input validation for PDF files processed by pdfinfo

🔍 How to Verify

Check if Vulnerable:

Check Poppler version: 'pdfinfo --version' or 'rpm -q poppler' (Red Hat) or 'dpkg -l | grep poppler' (Debian/Ubuntu)

Check Version:

pdfinfo --version

Verify Fix Applied:

Verify Poppler package version matches or exceeds patched version from Red Hat advisories

📡 Detection & Monitoring

Log Indicators:

  • pdfinfo process crashes
  • segmentation faults in pdfinfo logs
  • unexpected termination of pdfinfo

Network Indicators:

  • None - local utility only

SIEM Query:

Process termination events for pdfinfo with exit code indicating crash (e.g., SIGSEGV)

📊 Metadata

CVE ID: CVE-2024-6239
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-20
Published: June 21, 2024
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-6239, you might also want to check these:

CVE-2022-47190 10.0

CVE-2022-47190 allows remote attackers to upload malicious firmware containing a webshell to Generex...

Same vulnerability type (CWE-20)
CVE-2024-3400 10.0

CVE-2024-3400 is a critical command injection vulnerability in Palo Alto Networks PAN-OS GlobalProte...

Same vulnerability type (CWE-20)
CVE-2023-42802 10.0

This critical vulnerability in GLPI allows attackers to upload malicious PHP files to unauthorized d...

Same vulnerability type (CWE-20)