CVE-2017-9775

Published: 22/06/2017 Updated: 12/03/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Stack buffer overflow in GfxState.cc in pdftocairo in Poppler prior to 0.56 allows remote malicious users to cause a denial of service (application crash) via a crafted PDF document.

Vulnerable Product

freedesktop poppler

debian debian linux 8.0

debian debian linux 9.0

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server tus 7.6

redhat enterprise linux server aus 7.6

redhat enterprise linux server eus 7.4

redhat enterprise linux server eus 7.5

redhat enterprise linux server eus 7.6

redhat enterprise linux server 7.0

redhat enterprise linux server aus 7.4

redhat enterprise linux server tus 7.4

Vendor Advisories

poppler could be made to crash or run programs as your login if it opened a specially crafted file ...
Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file is processed. For the oldstable distribution (jessie), these problems have been fixed in version 0.26.5-2+deb8u2. For the stable distribution (stretch), these problems have ...
Debian Bug report logs - #865679 poppler: CVE-2017-9776: integer overflow leading to heap buffer overflow in JBIG2Stream.cc via a crafted PDF document. Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso ...
Debian Bug report logs - #863759 poppler: CVE-2017-7511. Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 31 May 2017 06:09:02 UTC; Severity: normal; Tags: fixed-u ...
Debian Bug report logs - #867477 poppler: CVE-2017-9865 stack-based overflow leading to denial-of-service. Package: poppler; Maintainer for poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Antoine Beaupre <anarcat@orangeseeds.org>; Date: Thu, 6 Jul 2017 1 ...
Debian Bug report logs - #865680 poppler: CVE-2017-9775: stack buffer overflow in GfxState.cc. Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 23 Jun 2017 17:27: ...
Debian Bug report logs - #864009 poppler: CVE-2017-9408: memory leak in Object::initArray. Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 3 Jun 2017 03:09:01 U ...
Debian Bug report logs - #864010 poppler: CVE-2017-9406: memory leak parsing XRef entries. Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 3 Jun 2017 03:15:02 U ...
Stack-buffer overflow in GfxState.cc: A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9775) Integer overflow in JBIG2Stream.cc: An integer overflow leading ...
A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened ...
A stack buffer overflow has been found in the GfxState.cc module of poppler. Due to some restrictions in the lines after the bug, an attacker can't control the values written to the stack, so it is unlikely this could lead to code execution ...