CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.002 Low
Percentile: 53.1%

Package : poppler
Version : 0.18.4-6+deb7u4
CVE ID : CVE-2017-14975 CVE-2017-14976 CVE-2017-14977 CVE-2017-15565
Debian Bug : 879066 877952 877954 877957

It was discovered that poppler, a PDF rendering library, was affected
by several denial-of-service (application crash) bugs caused by NULL
pointer dereferences and heap-based buffer over-reads:

CVE-2017-14975
    The FoFiType1C::convertToType0 function in FoFiType1C.cc
    has a NULL pointer dereference vulnerability because a data structure
    is not initialized, which allows an attacker to launch a denial of
    service attack.

CVE-2017-14976
    The FoFiType1C::convertToType0 function in FoFiType1C.cc
    has a heap-based buffer over-read vulnerability if an out-of-bounds
    font dictionary index is encountered, which allows an attacker to
    launch a denial of service attack.

CVE-2017-14977
    The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc
    has a NULL pointer dereference vulnerability due to lack of validation
    of a table pointer, which allows an attacker to launch a denial of
    service attack.

CVE-2017-15565
    A NULL pointer dereference exists in the GfxImageColorMap::getGrayLine()
    function in GfxState.cc via a crafted PDF document.

For Debian 7 "Wheezy", these problems have been fixed in version
0.18.4-6+deb7u4.

We recommend that you upgrade your poppler packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 9 | mips | libpoppler-glib-dev | < 0.48.0-2+deb9u1 | libpoppler-glib-dev_0.48.0-2+deb9u1_mips.deb |
Debian | 7 | armhf | libpoppler-dev | < 0.18.4-6+deb7u4 | libpoppler-dev_0.18.4-6+deb7u4_armhf.deb |
Debian | 7 | armhf | libpoppler-qt4-3 | < 0.18.4-6+deb7u4 | libpoppler-qt4-3_0.18.4-6+deb7u4_armhf.deb |
Debian | 9 | armhf | libpoppler-qt4-dev | < 0.48.0-2+deb9u1 | libpoppler-qt4-dev_0.48.0-2+deb9u1_armhf.deb |
Debian | 7 | all | poppler | < 0.18.4-6+deb7u4 | poppler_0.18.4-6+deb7u4_all.deb |
Debian | 9 | arm64 | libpoppler-qt4-4 | < 0.48.0-2+deb9u1 | libpoppler-qt4-4_0.48.0-2+deb9u1_arm64.deb |
Debian | 9 | armhf | libpoppler-qt5-1 | < 0.48.0-2+deb9u1 | libpoppler-qt5-1_0.48.0-2+deb9u1_armhf.deb |
Debian | 9 | ppc64el | poppler-utils | < 0.48.0-2+deb9u1 | poppler-utils_0.48.0-2+deb9u1_ppc64el.deb |
Debian | 8 | amd64 | gir1.2-poppler-0.18 | < 0.26.5-2+deb8u2 | gir1.2-poppler-0.18_0.26.5-2+deb8u2_amd64.deb |
Debian | 8 | arm64 | libpoppler-cpp-dev | < 0.26.5-2+deb8u2 | libpoppler-cpp-dev_0.26.5-2+deb8u2_arm64.deb |