PT-2017-19180 · Poppler+4 · Poppler+4

Alberto Garcia

Published

2017-06-22

Updated

2019-03-12

CVE-2017-9776

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Poppler versions prior to 0.56

Description The issue is related to an integer overflow that leads to a heap buffer overflow in the JBIG2Stream.cc file within the pdftocairo component of Poppler. This can be triggered by remote attackers using a crafted PDF document, potentially causing a denial of service (application crash) or other unspecified impacts.

Recommendations For versions prior to 0.56, update to version 0.56 or later to resolve the issue. As a temporary workaround, consider restricting the handling of PDF documents from untrusted sources until the update is applied.

Fix

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CESA-2017_2550

CESA-2017_2551

CVE-2017-9776

DLA-1074-1

DSA-4079-1

DSA-4079-2

MGASA-2017-0276

MGASA-2017-0329

RHSA-2017:2550

RHSA-2017:2551

RHSA-2017_2550

RHSA-2017_2551

SUSE-SU-2017:1998-1

SUSE-SU-2017:1999-1

USN-3440-1

Affected Products

Centos

Poppler

Red Hat

Suse

Ubuntu

PT-2017-19180 · Poppler+4 · Poppler+4

CVE-2017-9776

Weakness Enumeration

Related Identifiers

Affected Products

References · 49