CVE-2017-14977NULL Pointer Dereference in Poppler

CWE-476NULL Pointer Dereference11 documents8 sources
Severity
7.5HIGHNVD
OSV7.8
EPSS
1.1%
top 21.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Freedesktop PopplerDebian Linux
Timeline
PublishedOct 2
Latest updateMay 14

Description

The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

Debianfreedesktop/poppler< 0.61.1-2+3
Ubuntufreedesktop/poppler< 0.24.5-2ubuntu4.7+1

Also affects: Debian Linux 7.0, 8.0, 9.0

🔴Vulnerability Details

4
GHSA
GHSA-hjpq-cmqm-x5p7: The FoFiTrueType::getCFFBlock function in FoFiTrueType2022-05-14
OSV
poppler vulnerabilities2017-10-06
OSV
CVE-2017-14977: The FoFiTrueType::getCFFBlock function in FoFiTrueType2017-10-02
CVEList
CVE-2017-14977: The FoFiTrueType::getCFFBlock function in FoFiTrueType2017-10-01

📋Vendor Advisories

3
Ubuntu
poppler vulnerabilities2017-10-06
Red Hat
poppler: NULL pointer dereference in the FoFiTrueType::getCFFBlock function2017-09-30
Debian
CVE-2017-14977: poppler - The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has ...2017

💬Community

3
Bugzilla
CVE-2017-14977 poppler: NULL pointer dereference in the FoFiTrueType::getCFFBlock function2017-10-10
Bugzilla
CVE-2017-14517 CVE-2017-14518 CVE-2017-14519 CVE-2017-14929 CVE-2017-14975 CVE-2017-14976 CVE-2017-14977 mingw-poppler: various flaws [fedora-all]2017-10-06
Bugzilla
CVE-2017-14517 CVE-2017-14518 CVE-2017-14519 CVE-2017-14929 CVE-2017-14975 CVE-2017-14976 CVE-2017-14977 poppler: various flaws [fedora-all]2017-10-06
CVE-2017-14977 — NULL Pointer Dereference in Poppler | cvebase