1. CVE-Search
  2. CVE-2017-9776
ID CVE-2017-9776
Summary Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
References
Vulnerable Configurations
  • cpe:2.3:a:freedesktop:poppler:-:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:-:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.5.9:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.5.90:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.5.90:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.5.91:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.5.91:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.8.6:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.8.7:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.10.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.10.4:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.10.5:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.10.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.10.6:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.10.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.10.7:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.10.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.11.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.11.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.12.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.12.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.12.4:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.12.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.13.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.13.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.13.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.13.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.13.4:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.13.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.14.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.14.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.14.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.14.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.14.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.14.4:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.14.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.14.5:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.15.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.15.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.15.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.15.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.15.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.16.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.16.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.16.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.16.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.16.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.16.4:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.16.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.16.5:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.16.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.16.6:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.16.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.16.7:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.16.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.17.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.17.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.17.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.17.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.17.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.17.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.17.4:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.17.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.18.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.18.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.18.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.18.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.18.4:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.18.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.19.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.19.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.19.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.19.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.19.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.19.4:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.19.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.20.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.20.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.20.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.20.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.20.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.20.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.20.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.20.4:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.20.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.20.5:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.20.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.21.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.21.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.21.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.21.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.21.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.21.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.21.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.21.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.21.4:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.21.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.22.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.22.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.22.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.22.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.22.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.22.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.22.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.22.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.22.4:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.22.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.22.5:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.22.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.23.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.23.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.23.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.23.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.23.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.23.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.23.4:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.23.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.24.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.24.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.24.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.24.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.24.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.24.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.24.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.24.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.24.4:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.24.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.24.5:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.24.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.25.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.25.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.25.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.25.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.25.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.25.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.25.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.25.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.26.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.26.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.26.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.26.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.26.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.26.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.26.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.26.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.26.4:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.26.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.26.5:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.26.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.28.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.28.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.28.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.28.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.29.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.29.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.30.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.30.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.31.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.31.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.32.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.32.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.33.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.33.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.34.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.34.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.35.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.35.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.36.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.36.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.37.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.37.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.38.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.38.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.39.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.39.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.40.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.40.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.41.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.41.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.42.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.42.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.43.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.43.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.44.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.44.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.45.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.45.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.46.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.46.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.47.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.47.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.48.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.48.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.49.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.49.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.50.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.50.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.51.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.51.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.52.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.52.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.53.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.53.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.54.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.54.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:poppler:0.55.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:poppler:0.55.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 12-03-2019 - 17:27)
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1466443
    title CVE-2017-9776 poppler: Integer overflow in JBIG2Stream.cc
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment poppler is earlier than 0:0.12.4-12.el6_9
          oval oval:com.redhat.rhsa:tst:20172550007
        • comment poppler is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859006
      • AND
        • comment poppler-devel is earlier than 0:0.12.4-12.el6_9
          oval oval:com.redhat.rhsa:tst:20172550021
        • comment poppler-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859014
      • AND
        • comment poppler-glib is earlier than 0:0.12.4-12.el6_9
          oval oval:com.redhat.rhsa:tst:20172550013
        • comment poppler-glib is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859016
      • AND
        • comment poppler-glib-devel is earlier than 0:0.12.4-12.el6_9
          oval oval:com.redhat.rhsa:tst:20172550009
        • comment poppler-glib-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859020
      • AND
        • comment poppler-qt is earlier than 0:0.12.4-12.el6_9
          oval oval:com.redhat.rhsa:tst:20172550005
        • comment poppler-qt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859018
      • AND
        • comment poppler-qt-devel is earlier than 0:0.12.4-12.el6_9
          oval oval:com.redhat.rhsa:tst:20172550017
        • comment poppler-qt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859012
      • AND
        • comment poppler-qt4 is earlier than 0:0.12.4-12.el6_9
          oval oval:com.redhat.rhsa:tst:20172550019
        • comment poppler-qt4 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859022
      • AND
        • comment poppler-qt4-devel is earlier than 0:0.12.4-12.el6_9
          oval oval:com.redhat.rhsa:tst:20172550011
        • comment poppler-qt4-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859008
      • AND
        • comment poppler-utils is earlier than 0:0.12.4-12.el6_9
          oval oval:com.redhat.rhsa:tst:20172550015
        • comment poppler-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859010
    rhsa
    id RHSA-2017:2550
    released 2017-08-30
    severity Moderate
    title RHSA-2017:2550: poppler security update (Moderate)
  • bugzilla
    id 1466443
    title CVE-2017-9776 poppler: Integer overflow in JBIG2Stream.cc
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment poppler is earlier than 0:0.26.5-17.el7_4
          oval oval:com.redhat.rhsa:tst:20172551011
        • comment poppler is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859006
      • AND
        • comment poppler-cpp is earlier than 0:0.26.5-17.el7_4
          oval oval:com.redhat.rhsa:tst:20172551021
        • comment poppler-cpp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20162580006
      • AND
        • comment poppler-cpp-devel is earlier than 0:0.26.5-17.el7_4
          oval oval:com.redhat.rhsa:tst:20172551023
        • comment poppler-cpp-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20162580016
      • AND
        • comment poppler-demos is earlier than 0:0.26.5-17.el7_4
          oval oval:com.redhat.rhsa:tst:20172551019
        • comment poppler-demos is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20162580022
      • AND
        • comment poppler-devel is earlier than 0:0.26.5-17.el7_4
          oval oval:com.redhat.rhsa:tst:20172551013
        • comment poppler-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859014
      • AND
        • comment poppler-glib is earlier than 0:0.26.5-17.el7_4
          oval oval:com.redhat.rhsa:tst:20172551009
        • comment poppler-glib is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859016
      • AND
        • comment poppler-glib-devel is earlier than 0:0.26.5-17.el7_4
          oval oval:com.redhat.rhsa:tst:20172551007
        • comment poppler-glib-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859020
      • AND
        • comment poppler-qt is earlier than 0:0.26.5-17.el7_4
          oval oval:com.redhat.rhsa:tst:20172551005
        • comment poppler-qt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859018
      • AND
        • comment poppler-qt-devel is earlier than 0:0.26.5-17.el7_4
          oval oval:com.redhat.rhsa:tst:20172551017
        • comment poppler-qt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859012
      • AND
        • comment poppler-utils is earlier than 0:0.26.5-17.el7_4
          oval oval:com.redhat.rhsa:tst:20172551015
        • comment poppler-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859010
    rhsa
    id RHSA-2017:2551
    released 2017-08-30
    severity Moderate
    title RHSA-2017:2551: poppler security update (Moderate)
rpms
  • poppler-0:0.12.4-12.el6_9
  • poppler-devel-0:0.12.4-12.el6_9
  • poppler-glib-0:0.12.4-12.el6_9
  • poppler-glib-devel-0:0.12.4-12.el6_9
  • poppler-qt-0:0.12.4-12.el6_9
  • poppler-qt-devel-0:0.12.4-12.el6_9
  • poppler-qt4-0:0.12.4-12.el6_9
  • poppler-qt4-devel-0:0.12.4-12.el6_9
  • poppler-utils-0:0.12.4-12.el6_9
  • poppler-0:0.26.5-17.el7_4
  • poppler-cpp-0:0.26.5-17.el7_4
  • poppler-cpp-devel-0:0.26.5-17.el7_4
  • poppler-demos-0:0.26.5-17.el7_4
  • poppler-devel-0:0.26.5-17.el7_4
  • poppler-glib-0:0.26.5-17.el7_4
  • poppler-glib-devel-0:0.26.5-17.el7_4
  • poppler-qt-0:0.26.5-17.el7_4
  • poppler-qt-devel-0:0.26.5-17.el7_4
  • poppler-utils-0:0.26.5-17.el7_4
refmap via4
bid 99240
confirm https://bugs.freedesktop.org/show_bug.cgi?id=101541
debian DSA-4079
Last major update 12-03-2019 - 17:27
Published 22-06-2017 - 21:29
Back to Top