
Debian 7 Wheezy: DLA-1177-1 Critical: Poppler Denial Of Service

Debian LTS
November 18, 2017
A recent security update for Poppler in Debian LTS resolves denial-of-service issues in the PDF rendering library caused by NULL pointer dereferences and a heap-based buffer over-read.
It was discovered that poppler, a PDF rendering library, was affected by several denial-of-service (application crash), null pointer dereferences and heap-based buffer over-read bu...

Summary

CVE-2017-14975
The FoFiType1C::convertToType0 function in FoFiType1C.cc
has a NULL pointer dereference vulnerability because a data structure
is not initialized, which allows an attacker to launch a denial of
service attack.

CVE-2017-14976
The FoFiType1C::convertToType0 function in FoFiType1C.cc
has a heap-based buffer over-read vulnerability if an out-of-bounds
font dictionary index is encountered, which allows an attacker to
launch a denial of service attack.

CVE-2017-14977
The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc
has a NULL pointer dereference vulnerability due to lack of validation
of a table pointer, which allows an attacker to launch a denial of
service attack.

CVE-2017-15565
NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine()
function in GfxState.cc via a crafted PDF document.


For Debian 7 "Wheezy", these problems have been fixed in version
0.18.4-6+deb7u4.

We recommend that you upgrade your poppler packages.



Severity: critical

Package: poppler
Version: 0.18.4-6+deb7u4
CVE ID: CVE-2017-14975 CVE-2017-14976 CVE-2017-14977
Debian Bug: 879066 877952 877954 877957
