CVE-2017-9776

Published: 22/06/2017 Updated: 12/03/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler prior to 0.56 allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

Vulnerable Product

freedesktop poppler

debian debian linux 8.0

debian debian linux 9.0

redhat enterprise linux server tus 7.6

redhat enterprise linux server 6.0

redhat enterprise linux desktop 7.0

redhat enterprise linux server eus 7.4

redhat enterprise linux server eus 7.6

redhat enterprise linux server 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server aus 7.4

redhat enterprise linux server aus 7.6

redhat enterprise linux desktop 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux server eus 7.5

redhat enterprise linux server tus 7.4

Vendor Advisories

Several security issues were fixed in poppler ...
Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file is processed. For the oldstable distribution (jessie), these problems have been fixed in version 0.26.5-2+deb8u2. For the stable distribution (stretch), these problems have ...
Debian Bug report logs - #865679 poppler: CVE-2017-9776: integer overflow leading to heap buffer overflow in JBIG2Stream.cc via a crafted PDF document. Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso ...
Debian Bug report logs - #863759 poppler: CVE-2017-7511. Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 31 May 2017 06:09:02 UTC; Severity: normal; Tags: fixed-u ...
Debian Bug report logs - #867477 poppler: CVE-2017-9865 stack-based overflow leading to denial-of-service. Package: poppler; Maintainer for poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Antoine Beaupre <anarcat@orangeseeds.org>; Date: Thu, 6 Jul 2017 1 ...
Debian Bug report logs - #865680 poppler: CVE-2017-9775: stack buffer overflow in GfxState.cc. Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 23 Jun 2017 17:27: ...
Debian Bug report logs - #864009 poppler: CVE-2017-9408: memory leak in Object::initArray. Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 3 Jun 2017 03:09:01 U ...
Debian Bug report logs - #864010 poppler: CVE-2017-9406: memory leak parsing XRef entries. Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 3 Jun 2017 03:15:02 U ...
Stack-buffer overflow in GfxState.cc: A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9775) Integer overflow in JBIG2Stream.cc: An integer overflow leading ...
An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened ...
Integer overflow leading to heap overflow in JBIG2Stream.cc ...