ID CVE-2017-9776
Summary Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
Vulnerable Configurations
  • cpe:2.3:a:freedesktop:poppler:-:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.5.90:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.5.91:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.10.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.10.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.10.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.12.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.13.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.14.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.14.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.15.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.16.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.16.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.16.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.16.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.16.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.17.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.17.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.17.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.18.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.19.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.19.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.20.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.20.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.20.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.20.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.20.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.21.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.21.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.21.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.21.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.21.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.22.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.22.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.22.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.22.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.22.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.22.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.23.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.23.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.23.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.24.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.24.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.24.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.24.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.24.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.24.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.25.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.25.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.25.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.25.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.26.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.26.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.26.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.26.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.26.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.26.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.28.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.28.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.29.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.30.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.31.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.32.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.33.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.34.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.35.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.36.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.37.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.38.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.39.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.40.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.41.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.42.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.43.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.44.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.45.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.46.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.47.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.48.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.49.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.50.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.51.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.52.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.53.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.54.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.55.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 12-03-2019 - 17:27)
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset or as the size of a memory allocation. The attacker typically controls the value of the variable and tries to push it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, providing an incorrect value that can lead to unexpected behavior. At worst, the attacker can execute arbitrary code.
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1466443
    title CVE-2017-9776 poppler: Integer overflow in JBIG2Stream.cc
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment poppler is earlier than 0:0.12.4-12.el6_9
            oval oval:com.redhat.rhsa:tst:20172550001
          • comment poppler is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100859002
        • AND
          • comment poppler-devel is earlier than 0:0.12.4-12.el6_9
            oval oval:com.redhat.rhsa:tst:20172550003
          • comment poppler-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100859004
        • AND
          • comment poppler-glib is earlier than 0:0.12.4-12.el6_9
            oval oval:com.redhat.rhsa:tst:20172550005
          • comment poppler-glib is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100859006
        • AND
          • comment poppler-glib-devel is earlier than 0:0.12.4-12.el6_9
            oval oval:com.redhat.rhsa:tst:20172550007
          • comment poppler-glib-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100859008
        • AND
          • comment poppler-qt is earlier than 0:0.12.4-12.el6_9
            oval oval:com.redhat.rhsa:tst:20172550009
          • comment poppler-qt is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100859010
        • AND
          • comment poppler-qt-devel is earlier than 0:0.12.4-12.el6_9
            oval oval:com.redhat.rhsa:tst:20172550011
          • comment poppler-qt-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100859012
        • AND
          • comment poppler-qt4 is earlier than 0:0.12.4-12.el6_9
            oval oval:com.redhat.rhsa:tst:20172550013
          • comment poppler-qt4 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100859014
        • AND
          • comment poppler-qt4-devel is earlier than 0:0.12.4-12.el6_9
            oval oval:com.redhat.rhsa:tst:20172550015
          • comment poppler-qt4-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100859016
        • AND
          • comment poppler-utils is earlier than 0:0.12.4-12.el6_9
            oval oval:com.redhat.rhsa:tst:20172550017
          • comment poppler-utils is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100859018
    rhsa
    id RHSA-2017:2550
    released 2017-08-30
    severity Moderate
    title RHSA-2017:2550: poppler security update (Moderate)
  • bugzilla
    id 1466443
    title CVE-2017-9776 poppler: Integer overflow in JBIG2Stream.cc
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment poppler is earlier than 0:0.26.5-17.el7_4
            oval oval:com.redhat.rhsa:tst:20172551001
          • comment poppler is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100859002
        • AND
          • comment poppler-cpp is earlier than 0:0.26.5-17.el7_4
            oval oval:com.redhat.rhsa:tst:20172551003
          • comment poppler-cpp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20162580004
        • AND
          • comment poppler-cpp-devel is earlier than 0:0.26.5-17.el7_4
            oval oval:com.redhat.rhsa:tst:20172551005
          • comment poppler-cpp-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20162580006
        • AND
          • comment poppler-demos is earlier than 0:0.26.5-17.el7_4
            oval oval:com.redhat.rhsa:tst:20172551007
          • comment poppler-demos is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20162580008
        • AND
          • comment poppler-devel is earlier than 0:0.26.5-17.el7_4
            oval oval:com.redhat.rhsa:tst:20172551009
          • comment poppler-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100859004
        • AND
          • comment poppler-glib is earlier than 0:0.26.5-17.el7_4
            oval oval:com.redhat.rhsa:tst:20172551011
          • comment poppler-glib is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100859006
        • AND
          • comment poppler-glib-devel is earlier than 0:0.26.5-17.el7_4
            oval oval:com.redhat.rhsa:tst:20172551013
          • comment poppler-glib-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100859008
        • AND
          • comment poppler-qt is earlier than 0:0.26.5-17.el7_4
            oval oval:com.redhat.rhsa:tst:20172551015
          • comment poppler-qt is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100859010
        • AND
          • comment poppler-qt-devel is earlier than 0:0.26.5-17.el7_4
            oval oval:com.redhat.rhsa:tst:20172551017
          • comment poppler-qt-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100859012
        • AND
          • comment poppler-utils is earlier than 0:0.26.5-17.el7_4
            oval oval:com.redhat.rhsa:tst:20172551019
          • comment poppler-utils is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100859018
    rhsa
    id RHSA-2017:2551
    released 2017-08-30
    severity Moderate
    title RHSA-2017:2551: poppler security update (Moderate)
rpms
  • poppler-0:0.12.4-12.el6_9
  • poppler-debuginfo-0:0.12.4-12.el6_9
  • poppler-devel-0:0.12.4-12.el6_9
  • poppler-glib-0:0.12.4-12.el6_9
  • poppler-glib-devel-0:0.12.4-12.el6_9
  • poppler-qt-0:0.12.4-12.el6_9
  • poppler-qt-devel-0:0.12.4-12.el6_9
  • poppler-qt4-0:0.12.4-12.el6_9
  • poppler-qt4-devel-0:0.12.4-12.el6_9
  • poppler-utils-0:0.12.4-12.el6_9
  • poppler-0:0.26.5-17.el7_4
  • poppler-cpp-0:0.26.5-17.el7_4
  • poppler-cpp-devel-0:0.26.5-17.el7_4
  • poppler-debuginfo-0:0.26.5-17.el7_4
  • poppler-demos-0:0.26.5-17.el7_4
  • poppler-devel-0:0.26.5-17.el7_4
  • poppler-glib-0:0.26.5-17.el7_4
  • poppler-glib-devel-0:0.26.5-17.el7_4
  • poppler-qt-0:0.26.5-17.el7_4
  • poppler-qt-devel-0:0.26.5-17.el7_4
  • poppler-utils-0:0.26.5-17.el7_4
refmap via4
bid 99240
confirm https://bugs.freedesktop.org/show_bug.cgi?id=101541
debian DSA-4079
Last major update 12-03-2019 - 17:27
Published 22-06-2017 - 21:29
Last modified 12-03-2019 - 17:27