ID CVE-2017-9776
Summary Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
References
Vulnerable Configurations
  • freedesktop Poppler 0.55.0
    cpe:2.3:a:freedesktop:poppler:0.55.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Red Hat Enterprise Linux Desktop 6.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • Red Hat Enterprise Linux Server 6.0
    cpe:2.3:o:redhat:enterprise_linux_server:6.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.4
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.4
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.5
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
  • Red Hat Enterprise Linux Server TUS 7.4
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4
  • Red Hat Enterprise Linux Server Telecommunications Update Service (TUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
  • Red Hat Enterprise Linux Workstation 6.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
CVSS
Base: 6.8
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-883.NASL
    description This update for poppler fixes the following issues : Security issues fixed : - CVE-2017-9775: DoS stack-based buffer overflow in GfxState.cc in pdftocairo via a crafted PDF document (bsc#1045719) - CVE-2017-9776: DoS integer overflow leading to heap buffer overflow in JBIG2Stream.cc via a crafted PDF document (bsc#1045721) - CVE-2017-7515: Stack exhaustion due to infinite recursive call in pdfunite (bsc#1043088) - CVE-2017-7511: NULL pointer dereference in pdfunite via crafted documents (bsc#1041783) - CVE-2017-9406: Memory leak in the gmalloc function in gmem.cc (bsc#1042803) - CVE-2017-9408: Memory leak in the Object::initArray function (bsc#1042802) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 102217
    published 2017-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102217
    title openSUSE Security Update : poppler (openSUSE-2017-883)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-7EAEC3353D.NASL
    description - various flaws: CVE-2017-7515 CVE-2017-9775 CVE-2017-9776 CVE-2017-9865 ---- - CVE-2017-9406 CVE-2017-9408 various memory leak flaws Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 101796
    published 2017-07-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101796
    title Fedora 25 : poppler (2017-7eaec3353d)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0147.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Resolves: rhbz#1479815 (CVE-2017-9776) - Don't crash on streams without Length - Resolves: #1302365 - Use better default pixel size for printing of 0 width lines - Resolves: #1316163 - Identification of fonts directly from streams and files - Resolves: #1208719 - Embed type1 fonts to PostScript files correctly - Resolves: #1232210 - Fix lines disappearing when selecting paragraph - Resolves: #614824 - Silence illegal entry in bfrange block in ToUnicode CMap - Resolves: #710816 - Fix captions of push button fields. - Resolves: #1191907 - Add poppler-0.12.4-CVE-2010-3702.patch (Properly initialize parser) - Add poppler-0.12.4-CVE-2010-3703.patch (Properly initialize stack) - Add poppler-0.12.4-CVE-2010-3704.patch (Fix crash in broken pdf (code < 0)) - Resolves: #639860
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 102905
    published 2017-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102905
    title OracleVM 3.3 / 3.4 : poppler (OVMSA-2017-0147)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-2550.NASL
    description An update for poppler is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es) : * An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776)
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 102883
    published 2017-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102883
    title CentOS 6 : poppler (CESA-2017:2550)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-2550.NASL
    description From Red Hat Security Advisory 2017:2550 : An update for poppler is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es) : * An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776)
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 102850
    published 2017-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102850
    title Oracle Linux 6 : poppler (ELSA-2017-2550)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3440-1.NASL
    description It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. (CVE-2017-14518, CVE-2017-14520, CVE-2017-14617, CVE-2017-14929, CVE-2017-14975, CVE-2017-14977) It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. This issue only affected Ubuntu 17.04 and 16.04. (CVE-2017-14926, CVE-2017-14928) Alberto Garcia, Francisco Oca and Suleman Ali discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. (CVE-2017-9776). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 103731
    published 2017-10-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103731
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : poppler vulnerabilities (USN-3440-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1999-1.NASL
    description This update for poppler fixes the following issues: Security issues fixed : - CVE-2017-9775: DoS stack-based buffer overflow in GfxState.cc in pdftocairo via a crafted PDF document (bsc#1045719) - CVE-2017-9776: DoS integer overflow leading to heap buffer overflow in JBIG2Stream.cc via a crafted PDF document (bsc#1045721) - CVE-2017-7515: Stack exhaustion due to infinite recursive call in pdfunite (bsc#1043088) - CVE-2017-7511: NULL pointer dereference in pdfunite via crafted documents (bsc#1041783) - CVE-2017-9406: Memory leak in the gmalloc function in gmem.cc (bsc#1042803) - CVE-2017-9408: Memory leak in the Object::initArray function (bsc#1042802) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 102070
    published 2017-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102070
    title SUSE SLED12 / SLES12 Security Update : poppler (SUSE-SU-2017:1999-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170830_POPPLER_ON_SL6_X.NASL
    description Security Fix(es) : - An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 102852
    published 2017-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102852
    title Scientific Linux Security Update : poppler on SL6.x i386/x86_64
  • NASL family Misc.
    NASL id POPPLER_0_56.NASL
    description The version of Poppler installed on the remote host is prior to 0.56.0. It is, therefore, affected by multiple vulnerabilities : - A stack-based overflow condition exists in the getColor() function in GfxState.cc due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted PDF document, to crash the process, resulting in a denial of service condition. (CVE-2017-9775) - An integer overflow condition exists in the combine() function in JBIG2Stream.cc due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted PDF document, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-9775)
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 101167
    published 2017-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101167
    title Poppler < 0.56.0 Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-5112220E59.NASL
    description - various flaws: CVE-2017-7515 CVE-2017-9775 CVE-2017-9776 CVE-2017-9865 ---- - CVE-2017-9406 CVE-2017-9408 various memory leak flaws Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 101633
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101633
    title Fedora 26 : poppler (2017-5112220e59)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2550.NASL
    description An update for poppler is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es) : * An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 102950
    published 2017-09-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102950
    title RHEL 6 : poppler (RHSA-2017:2550)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-93868169A0.NASL
    description This update fixes multiple security vulnerabilities (CVE-2017-7515, CVE-2017-9775, CVE-2017-9776, CVE-2017-9865). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 102397
    published 2017-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102397
    title Fedora 24 : mingw-poppler (2017-93868169a0)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-2551.NASL
    description An update for poppler is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es) : * A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9775) * An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776)
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 102884
    published 2017-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102884
    title CentOS 7 : poppler (CESA-2017:2551)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2551.NASL
    description An update for poppler is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es) : * A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9775) * An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 102951
    published 2017-09-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102951
    title RHEL 7 : poppler (RHSA-2017:2551)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-2551.NASL
    description From Red Hat Security Advisory 2017:2551 : An update for poppler is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es) : * A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9775) * An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776)
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 102851
    published 2017-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102851
    title Oracle Linux 7 : poppler (ELSA-2017-2551)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1230.NASL
    description According to the versions of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9775) - An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 103088
    published 2017-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103088
    title EulerOS 2.0 SP2 : poppler (EulerOS-SA-2017-1230)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1998-1.NASL
    description This update for poppler fixes the following issues: Security issues fixed : - CVE-2017-9775: Fix a stack overflow bug in pdftocairo that could have been exploited in a denial of service attack through a specially crafted PDF document. (bsc#1045719) - CVE-2017-9776: Fix an integer overflow bug that could have been exploited in a denial of service attack through a specially crafted PDF document. (bsc#1045721) - CVE-2017-9408: Fix a memory leak that occurred when the parser tried to recover from a broken input file. (bsc#1042802) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 102069
    published 2017-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102069
    title SUSE SLED12 / SLES12 Security Update : poppler (SUSE-SU-2017:1998-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-BBB664E0A0.NASL
    description This update fixes multiple security vulnerabilities (CVE-2017-7515, CVE-2017-9775, CVE-2017-9776, CVE-2017-9865). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 102029
    published 2017-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102029
    title Fedora 26 : mingw-poppler (2017-bbb664e0a0)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4079.NASL
    description Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file is processed.
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 105623
    published 2018-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105623
    title Debian DSA-4079-1 : poppler - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-9FA2CEFA7A.NASL
    description This update fixes multiple security vulnerabilities (CVE-2017-7515, CVE-2017-9775, CVE-2017-9776, CVE-2017-9865). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 102028
    published 2017-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102028
    title Fedora 25 : mingw-poppler (2017-9fa2cefa7a)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-902.NASL
    description Stack-buffer overflow in GfxState.cc : A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9775) Integer overflow in JBIG2Stream.cc : An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776)
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 103572
    published 2017-10-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103572
    title Amazon Linux AMI : poppler (ALAS-2017-902)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1074.NASL
    description Several buffer and integer overflow issues were discovered in Poppler, a PDF library, that could lead to application crash or possibly other unspecified impact via maliciously crafted files. For Debian 7 'Wheezy', these problems have been fixed in version 0.18.4-6+deb7u2. We recommend that you upgrade your poppler packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 102823
    published 2017-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102823
    title Debian DLA-1074-1 : poppler security update
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1229.NASL
    description According to the versions of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9775) - An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 103087
    published 2017-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103087
    title EulerOS 2.0 SP1 : poppler (EulerOS-SA-2017-1229)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170830_POPPLER_ON_SL7_X.NASL
    description Security Fix(es) : - A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9775) - An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 102853
    published 2017-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102853
    title Scientific Linux Security Update : poppler on SL7.x x86_64
redhat via4
advisories
  • bugzilla
    id 1466443
    title CVE-2017-9776 poppler: Integer overflow in JBIG2Stream.cc
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment poppler is earlier than 0:0.12.4-12.el6_9
          oval oval:com.redhat.rhsa:tst:20172550007
        • comment poppler is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859006
      • AND
        • comment poppler-devel is earlier than 0:0.12.4-12.el6_9
          oval oval:com.redhat.rhsa:tst:20172550021
        • comment poppler-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859014
      • AND
        • comment poppler-glib is earlier than 0:0.12.4-12.el6_9
          oval oval:com.redhat.rhsa:tst:20172550013
        • comment poppler-glib is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859016
      • AND
        • comment poppler-glib-devel is earlier than 0:0.12.4-12.el6_9
          oval oval:com.redhat.rhsa:tst:20172550009
        • comment poppler-glib-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859020
      • AND
        • comment poppler-qt is earlier than 0:0.12.4-12.el6_9
          oval oval:com.redhat.rhsa:tst:20172550005
        • comment poppler-qt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859018
      • AND
        • comment poppler-qt-devel is earlier than 0:0.12.4-12.el6_9
          oval oval:com.redhat.rhsa:tst:20172550017
        • comment poppler-qt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859012
      • AND
        • comment poppler-qt4 is earlier than 0:0.12.4-12.el6_9
          oval oval:com.redhat.rhsa:tst:20172550019
        • comment poppler-qt4 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859022
      • AND
        • comment poppler-qt4-devel is earlier than 0:0.12.4-12.el6_9
          oval oval:com.redhat.rhsa:tst:20172550011
        • comment poppler-qt4-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859008
      • AND
        • comment poppler-utils is earlier than 0:0.12.4-12.el6_9
          oval oval:com.redhat.rhsa:tst:20172550015
        • comment poppler-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859010
    rhsa
    id RHSA-2017:2550
    released 2017-08-30
    severity Moderate
    title RHSA-2017:2550: poppler security update (Moderate)
  • bugzilla
    id 1466443
    title CVE-2017-9776 poppler: Integer overflow in JBIG2Stream.cc
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment poppler is earlier than 0:0.26.5-17.el7_4
          oval oval:com.redhat.rhsa:tst:20172551011
        • comment poppler is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859006
      • AND
        • comment poppler-cpp is earlier than 0:0.26.5-17.el7_4
          oval oval:com.redhat.rhsa:tst:20172551021
        • comment poppler-cpp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20162580006
      • AND
        • comment poppler-cpp-devel is earlier than 0:0.26.5-17.el7_4
          oval oval:com.redhat.rhsa:tst:20172551023
        • comment poppler-cpp-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20162580016
      • AND
        • comment poppler-demos is earlier than 0:0.26.5-17.el7_4
          oval oval:com.redhat.rhsa:tst:20172551019
        • comment poppler-demos is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20162580022
      • AND
        • comment poppler-devel is earlier than 0:0.26.5-17.el7_4
          oval oval:com.redhat.rhsa:tst:20172551013
        • comment poppler-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859014
      • AND
        • comment poppler-glib is earlier than 0:0.26.5-17.el7_4
          oval oval:com.redhat.rhsa:tst:20172551009
        • comment poppler-glib is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859016
      • AND
        • comment poppler-glib-devel is earlier than 0:0.26.5-17.el7_4
          oval oval:com.redhat.rhsa:tst:20172551007
        • comment poppler-glib-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859020
      • AND
        • comment poppler-qt is earlier than 0:0.26.5-17.el7_4
          oval oval:com.redhat.rhsa:tst:20172551005
        • comment poppler-qt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859018
      • AND
        • comment poppler-qt-devel is earlier than 0:0.26.5-17.el7_4
          oval oval:com.redhat.rhsa:tst:20172551017
        • comment poppler-qt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859012
      • AND
        • comment poppler-utils is earlier than 0:0.26.5-17.el7_4
          oval oval:com.redhat.rhsa:tst:20172551015
        • comment poppler-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859010
    rhsa
    id RHSA-2017:2551
    released 2017-08-30
    severity Moderate
    title RHSA-2017:2551: poppler security update (Moderate)
rpms
  • poppler-0:0.12.4-12.el6_9
  • poppler-devel-0:0.12.4-12.el6_9
  • poppler-glib-0:0.12.4-12.el6_9
  • poppler-glib-devel-0:0.12.4-12.el6_9
  • poppler-qt-0:0.12.4-12.el6_9
  • poppler-qt-devel-0:0.12.4-12.el6_9
  • poppler-qt4-0:0.12.4-12.el6_9
  • poppler-qt4-devel-0:0.12.4-12.el6_9
  • poppler-utils-0:0.12.4-12.el6_9
  • poppler-0:0.26.5-17.el7_4
  • poppler-cpp-0:0.26.5-17.el7_4
  • poppler-cpp-devel-0:0.26.5-17.el7_4
  • poppler-demos-0:0.26.5-17.el7_4
  • poppler-devel-0:0.26.5-17.el7_4
  • poppler-glib-0:0.26.5-17.el7_4
  • poppler-glib-devel-0:0.26.5-17.el7_4
  • poppler-qt-0:0.26.5-17.el7_4
  • poppler-qt-devel-0:0.26.5-17.el7_4
  • poppler-utils-0:0.26.5-17.el7_4
refmap via4
bid 99240
confirm https://bugs.freedesktop.org/show_bug.cgi?id=101541
debian DSA-4079
Last major update 22-06-2017 - 17:29
Published 22-06-2017 - 17:29
Last modified 12-03-2019 - 13:27
Back to Top