CVE-2017-2814Improper Restriction of Operations within the Bounds of a Memory Buffer in Poppler

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-122Heap-based Buffer Overflow7 documents7 sources
Severity
8.8HIGHNVD
CNA7.5
EPSS
1.4%
top 19.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
PopplerFreedesktop Poppler
Timeline
PublishedJul 12
Latest updateMay 13

Description

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5poppler/poppler0.53.0

🔴Vulnerability Details

3
GHSA
GHSA-387q-wvj8-w6gg: An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 02022-05-13
OSV
CVE-2017-2814: An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 02017-07-12
CVEList
CVE-2017-2814: An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 02017-07-12

📋Vendor Advisories

2
Red Hat
poppler: Heap-buffer overflow in DCTStream::readScan()2017-07-07
Debian
CVE-2017-2814: poppler - An exploitable heap overflow vulnerability exists in the image rendering functio...2017

💬Community

1
Bugzilla
CVE-2017-2814 poppler: Heap-buffer overflow in DCTStream::readScan()2017-07-12
CVE-2017-2814 — Poppler vulnerability | cvebase