CVE-2017-9865
Severity CVSS v4.0:
Pending analysis
Type:
CWE-125
Out-of-bounds Read
Publication date:
25/06/2017
Last modified:
20/04/2025
Description
The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:freedesktop:poppler:0.54.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html
- https://bugs.freedesktop.org/show_bug.cgi?id=100774
- https://security.gentoo.org/glsa/201801-17
- https://usn.ubuntu.com/4042-1/
- https://www.debian.org/security/2018/dsa-4079
- http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html
- https://bugs.freedesktop.org/show_bug.cgi?id=100774
- https://security.gentoo.org/glsa/201801-17
- https://usn.ubuntu.com/4042-1/
- https://www.debian.org/security/2018/dsa-4079