Published: 02/10/2017 Updated: 03/05/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an malicious user to launch a denial of service attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
freedesktop poppler 0.59.0
debian debian linux 7.0
debian debian linux 8.0
debian debian linux 9.0

Several security issues were fixed in poppler ...

Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file is processed For the oldstable distribution (jessie), these problems have been fixed in version 0265-2+deb8u2 For the stable distribution (stretch), these problems have ...

Debian Bug report logs - #877957 poppler: CVE-2017-14975: NULL pointer dereference in FoFiType1C::convertToType0 Package: src:poppler; Maintainer for src:poppler is Debian freedesktoporg maintainers <pkg-freedesktop-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, ...

Debian Bug report logs - #877239 poppler: CVE-2017-14926 Package: src:poppler; Maintainer for src:poppler is Debian freedesktoporg maintainers <pkg-freedesktop-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 29 Sep 2017 19:39:01 UTC Severity: important Tags: fix ...

Debian Bug report logs - #876081 poppler: CVE-2017-14520 Package: src:poppler; Maintainer for src:poppler is Debian freedesktoporg maintainers <pkg-freedesktop-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 18 Sep 2017 09:57:04 UTC Severity: important Tags: fix ...

Debian Bug report logs - #876385 poppler: CVE-2017-14617: Floating point exception in Streamcc ImageStream::ImageStream() Package: src:poppler; Maintainer for src:poppler is Debian freedesktoporg maintainers <pkg-freedesktop-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> ...

Debian Bug report logs - #876086 poppler: CVE-2017-14519 Package: src:poppler; Maintainer for src:poppler is Debian freedesktoporg maintainers <pkg-freedesktop-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 18 Sep 2017 10:09:01 UTC Severity: important Tags: fix ...

Debian Bug report logs - #879066 poppler: CVE-2017-15565: NULL pointer dereference vulnerability in GfxStatecc Package: src:poppler; Maintainer for src:poppler is Debian freedesktoporg maintainers <pkg-freedesktop-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, ...

Debian Bug report logs - #877954 poppler: CVE-2017-14976: heap overflow in FoFiType1C::convertToType0 Package: src:poppler; Maintainer for src:poppler is Debian freedesktoporg maintainers <pkg-freedesktop-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 7 Oct 201 ...

Debian Bug report logs - #876082 poppler: CVE-2017-14518 Package: src:poppler; Maintainer for src:poppler is Debian freedesktoporg maintainers <pkg-freedesktop-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 18 Sep 2017 09:57:07 UTC Severity: important Tags: fix ...

Debian Bug report logs - #877952 poppler: CVE-2017-14977: NULL pointer dereference in FoFiTrueType::getCFFBlock Package: src:poppler; Maintainer for src:poppler is Debian freedesktoporg maintainers <pkg-freedesktop-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, ...

Debian Bug report logs - #877222 poppler: CVE-2017-14929 Package: src:poppler; Maintainer for src:poppler is Debian freedesktoporg maintainers <pkg-freedesktop-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 29 Sep 2017 17:27:25 UTC Severity: important Tags: fix ...

Debian Bug report logs - #876079 poppler: CVE-2017-14517 Package: src:poppler; Maintainer for src:poppler is Debian freedesktoporg maintainers <pkg-freedesktop-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 18 Sep 2017 09:54:02 UTC Severity: important Tags: fix ...

Debian Bug report logs - #877237 poppler: CVE-2017-14927 Package: src:poppler; Maintainer for src:poppler is Debian freedesktoporg maintainers <pkg-freedesktop-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 29 Sep 2017 19:24:01 UTC Severity: important Tags: fix ...

Debian Bug report logs - #877231 poppler: CVE-2017-14928 Package: src:poppler; Maintainer for src:poppler is Debian freedesktoporg maintainers <pkg-freedesktop-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 29 Sep 2017 18:51:05 UTC Severity: important Tags: fix ...

Developing security in the Software Development Life Cycle (SDLC)

Content SDLC (Software Development Life Cycle) Security Introdution to OWASP Top 10 [2021] SDLC (Software Development Life Cycle) Requirement Analysis Build out requirements for what it is that you are going to develop High level view of requirements and goals Extracts requirements or requirements analysis Clients have an idea of what they want - not how Scope defined a

Developing security in the Software Development Life Cycle (SDLC)

CWE-476 https://bugs.freedesktop.org/show_bug.cgi?id=103045 https://www.debian.org/security/2018/dsa-4079 https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html https://usn.ubuntu.com/3440-1/https://nvd.nist.gov

Get Started

CVE-2017-14977

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect