PT-2017-15558 · Poppler+2 · Poppler+2
Published
2017-07-07
·
Updated
2023-01-27
·
CVE-2017-2820
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Poppler version 0.53.0
Description
An integer overflow issue exists in the JPEG 2000 image parsing functionality. A specially crafted PDF file can cause an integer overflow, leading to out of bounds memory overwrite on the heap, potentially resulting in arbitrary code execution. This can be triggered when a victim opens the malicious PDF in an application using this library.
Recommendations
For Poppler version 0.53.0, consider avoiding the use of JPEG 2000 image parsing functionality until a patch is available. As a temporary workaround, restrict the opening of PDF files from untrusted sources to minimize the risk of exploitation.
Exploit
Fix
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Poppler
Ubuntu