### [CVE-2018-20662](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20662)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.

### POC

#### Reference
- https://gitlab.freedesktop.org/poppler/poppler/issues/706
- https://gitlab.freedesktop.org/poppler/poppler/issues/706

#### Github
- https://github.com/0xCyberY/CVE-T4PDF
- https://github.com/ARPSyndicate/cvemon