CVE-2017-18267: Infinite Loop in Poppler

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.3% (top 49.07%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 10; Latest update May 13

Description

The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (7 packages)

Debian: freedesktop/poppler < 0.69.0-2+3
Ubuntu: freedesktop/poppler < 0.24.5-2ubuntu4.11+2

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 17.10, 18.04

🔴 Vulnerability Details (4)

GHSA: GHSA-j788-f9fx-qmj8: The FoFiType1C::cvtGlyph function in fofi/FoFiType1C (2022-05-13)
OSV: poppler vulnerabilities (2018-05-15)
OSV: CVE-2017-18267: The FoFiType1C::cvtGlyph function in fofi/FoFiType1C (2018-05-10)
CVEList: CVE-2017-18267: The FoFiType1C::cvtGlyph function in fofi/FoFiType1C (2018-05-10)

📋 Vendor Advisories (3)

Ubuntu: poppler vulnerabilities (2018-05-15)
Red Hat: poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service (2017-10-12)
Debian: CVE-2017-18267: poppler - The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.... (2017)

💬 Community (3)

Bugzilla: CVE-2017-18267 poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service [fedora-all] (2018-05-16)
Bugzilla: CVE-2017-18267 mingw-poppler: poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service [fedora-all] (2018-05-16)
Bugzilla: CVE-2017-18267 poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service (2018-05-16)
CVE-2017-18267 — Infinite Loop in Freedesktop Poppler | cvebase