CVE-2017-14617

Опубликовано: 20 сент. 2017

Источник: debian

EPSS Низкий

Описание

In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
poppler	fixed	0.61.1-2		package
poppler	ignored		stretch	package
poppler	ignored		jessie	package

Примечания

https://bugs.freedesktop.org/show_bug.cgi?id=102854
Pre-requisite: https://cgit.freedesktop.org/poppler/poppler/commit/?id=5266fa426d73c5dbdb3dd903d50885097833acc6 (poppler-0.56)
https://cgit.freedesktop.org/poppler/poppler/commit/?id=939465c40902d72e0c05d4f3a27ee67e4a007ed7 (poppler-0.60)
The patch applied in 0.48.0-2+deb9u1 (stretch) and 0.26.5-2+deb8u2 (jessie)
does not completely fix the issue thus still marked as unfixed even if the
CVE is recorded in debian/changelog.

EPSS

Процентиль: 66%

0.00525

Низкий

Связанные уязвимости

CVE-2017-14617

CVSS3: 7.8

ubuntu

больше 8 лет назад

In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.

CVE-2017-14617

CVSS3: 3.3

redhat

больше 8 лет назад

In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.

CVE-2017-14617

CVSS3: 7.8

nvd

больше 8 лет назад

In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.

GHSA-xx3m-8628-m9w5

CVSS3: 7.8

github

больше 3 лет назад

In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.

SUSE-SU-2020:1626-1

suse-cvrf

больше 5 лет назад

Security update for poppler

EPSS

Процентиль: 66%

0.00525

Низкий