Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Null Pointer Dereference
Denial Of Service
Poppler
Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
2.7%