ID CVE-2017-9083
Summary poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.
References
Vulnerable Configurations
  • cpe:2.3:a:freedesktop:poppler:0.54.0
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-476
CAPEC
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-EADC5F410E.NASL
    description This update fixes CVEs 2017-7511 and 2017-9083. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-04
    modified 2018-02-02
    plugin id 100749
    published 2017-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100749
    title Fedora 24 : mingw-poppler (2017-eadc5f410e)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1672-1.NASL
    description This update for poppler fixes the following issues : - CVE-2017-9406: Fixed a memory leak that occurred while parsing invalid XRef attributes (bsc#1042803). - CVE-2017-9083: Fixed a memory leak that occurred when the parser tried to recover from a broken input file. (bsc#1040170) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 101058
    published 2017-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101058
    title SUSE SLED12 / SLES12 Security Update : poppler (SUSE-SU-2017:1672-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-0EE7B8DD2A.NASL
    description This update fixes CVEs 2017-7511 and 2017-9083. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-02
    modified 2018-02-01
    plugin id 100729
    published 2017-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100729
    title Fedora 25 : mingw-poppler (2017-0ee7b8dd2a)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201801-17.NASL
    description The remote host is affected by the vulnerability described in GLSA-201801-17 (Poppler: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by enticing a user to open a specially crafted PDF, could execute arbitrary code or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2018-01-27
    modified 2018-01-26
    plugin id 106116
    published 2018-01-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106116
    title GLSA-201801-17 : Poppler: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-E8586A44C9.NASL
    description This update fixes CVEs 2017-7511 and 2017-9083. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-04
    modified 2018-02-02
    plugin id 101741
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101741
    title Fedora 26 : mingw-poppler (2017-e8586a44c9)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3350-1.NASL
    description Aleksandar Nikolic discovered that poppler incorrectly handled JPEG 2000 images. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2017-2820) Jiaqi Peng discovered that the poppler pdfunite tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service. (CVE-2017-7511) It was discovered that the poppler pdfunite tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to hang, resulting in a denial of service. (CVE-2017-7515) It was discovered that poppler incorrectly handled JPEG 2000 images. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service. (CVE-2017-9083) It was discovered that poppler incorrectly handled memory when processing PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to consume resources, resulting in a denial of service. (CVE-2017-9406, CVE-2017-9408) Alberto Garcia, Francisco Oca, and Suleman Ali discovered that the poppler pdftocairo tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service. (CVE-2017-9775). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 101354
    published 2017-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101354
    title Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : poppler vulnerabilities (USN-3350-1)
refmap via4
gentoo GLSA-201801-17
misc https://bugs.freedesktop.org/show_bug.cgi?id=101084
Last major update 19-05-2017 - 12:29
Published 19-05-2017 - 12:29
Last modified 18-01-2018 - 13:18