CVE-2017-14975NULL Pointer Dereference in Poppler

CWE-476NULL Pointer Dereference11 documents8 sources
Severity
7.5HIGHNVD
OSV7.8
EPSS
1.1%
top 21.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Freedesktop PopplerDebian Linux
Timeline
PublishedOct 2
Latest updateMay 14

Description

The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

Debianfreedesktop/poppler< 0.61.1-2+3
Ubuntufreedesktop/poppler< 0.24.5-2ubuntu4.7+1

Also affects: Debian Linux 7.0, 8.0, 9.0

🔴Vulnerability Details

4
GHSA
GHSA-p32h-j7f8-3j6g: The FoFiType1C::convertToType0 function in FoFiType1C2022-05-14
OSV
poppler vulnerabilities2017-10-06
OSV
CVE-2017-14975: The FoFiType1C::convertToType0 function in FoFiType1C2017-10-02
CVEList
CVE-2017-14975: The FoFiType1C::convertToType0 function in FoFiType1C2017-10-01

📋Vendor Advisories

3
Ubuntu
poppler vulnerabilities2017-10-06
Red Hat
poppler: NULL pointer dereference in the FoFiType1C::convertToType0 function2017-09-11
Debian
CVE-2017-14975: poppler - The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a...2017

💬Community

3
Bugzilla
CVE-2017-14975 poppler: NULL pointer dereference in the FoFiType1C::convertToType0 function2017-10-10
Bugzilla
CVE-2017-14517 CVE-2017-14518 CVE-2017-14519 CVE-2017-14929 CVE-2017-14975 CVE-2017-14976 CVE-2017-14977 mingw-poppler: various flaws [fedora-all]2017-10-06
Bugzilla
CVE-2017-14517 CVE-2017-14518 CVE-2017-14519 CVE-2017-14929 CVE-2017-14975 CVE-2017-14976 CVE-2017-14977 poppler: various flaws [fedora-all]2017-10-06
CVE-2017-14975 — NULL Pointer Dereference in Poppler | cvebase