PT-2017-13796 · Poppler+2 · Poppler+2

Albert Astals Cid

Published

2017-10-01

Updated

2019-05-03

CVE-2017-14976

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Poppler version 0.59.0

Description The issue arises from a heap-based buffer over-read in the FoFiType1C::convertToType0 function, located in FoFiType1C.cc. This occurs when an out-of-bounds font dictionary index is encountered, allowing an attacker to potentially launch a denial of service attack.

Recommendations For Poppler version 0.59.0, consider applying a patch or updating to a newer version that addresses this issue, if available. As a temporary workaround, restrict access to potentially malicious font files to minimize the risk of exploitation.

Exploit

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2017-14976

DLA-1177-1

DSA-4079-1

MGASA-2017-0402

OPENSUSE-SU-2018_1721-1

SUSE-SU-2018:1662-1

USN-3517-1

Affected Products

Poppler

Suse

Ubuntu

PT-2017-13796 · Poppler+2 · Poppler+2

CVE-2017-14976

Weakness Enumeration

Related Identifiers

Affected Products

References · 47