PT-2017-19180 · Poppler+4

Alberto Garcia +5 · Published 2017-06-22 · Updated 2019-03-12 · CVE-2017-9776

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Poppler versions prior to 0.56

Description

The issue is related to an integer overflow that leads to a heap buffer overflow in the JBIG2Stream.cc file within the pdftocairo component of Poppler. This can be triggered by remote attackers using a crafted PDF document, potentially causing a denial of service (application crash) or other unspecified impacts.

Recommendations

For versions prior to 0.56, update to version 0.56 or later to resolve the issue. As a temporary workaround, consider restricting the handling of PDF documents from untrusted sources until the update is applied.

Fix

DoS

Integer Overflow


Weakness Enumeration

Related Identifiers

CESA-2017_2550
CESA-2017_2551
CVE-2017-9776
DLA-1074-1
DSA-4079-1
DSA-4079-2
MGASA-2017-0276
MGASA-2017-0329
RHSA-2017:2550
RHSA-2017:2551
RHSA-2017_2550
RHSA-2017_2551
SUSE-SU-2017:1998-1
SUSE-SU-2017:1999-1
USN-3440-1

Affected Products

CentOS
Poppler
Red Hat
SUSE
Ubuntu