Search for vulnerabilities
Vulnerability details: VCID-364a-fvzj-aaah
Vulnerability ID VCID-364a-fvzj-aaah
Aliases CVE-2023-34872
Summary A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-20 Improper Input Validation
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34872.json
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00175 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.002 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.002 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.002 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.002 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.002 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.002 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.002 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.002 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.002 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.002 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.002 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.002 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.002 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.002 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.002 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
epss 0.00248 https://api.first.org/data/v1/epss?cve=CVE-2023-34872
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 5.5 https://nvd.nist.gov/vuln/detail/CVE-2023-34872
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2023-34872
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34872.json
https://api.first.org/data/v1/epss?cve=CVE-2023-34872
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe
https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XXL3L6RJOTLGCN7GLH2OLLNF4FJ4T7I/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ3NYJ43U2MA7COKGMJDARZUAAOP45D4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFBT75QHBWNMSDAHSXZQ2I3PBJWID36K/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3H3GOWFE3C7543GMEN7LY4GWMWJ7D2G/
1042811 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042811
2227884 https://bugzilla.redhat.com/show_bug.cgi?id=2227884
cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*
CVE-2023-34872 https://nvd.nist.gov/vuln/detail/CVE-2023-34872
USN-6273-1 https://usn.ubuntu.com/6273-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34872.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-34872
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-34872
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.38356
EPSS Score 0.00164
Published At June 8, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.