CVE-2017-2818 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Poppler

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow7 documents7 sources

Severity

8.8HIGHNVD

CNA7.5

EPSS

1.0%

top 22.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Poppler Freedesktop Poppler

Timeline

PublishedJul 12

Latest updateMay 13

Description

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5poppler/poppler0.53.0

▶NVDfreedesktop/poppler0.53.0

🔴Vulnerability Details

GHSA

GHSA-65cm-pc5p-2hgx: An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0↗2022-05-13

▶

OSV

CVE-2017-2818: An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0↗2017-07-12

▶

CVEList

CVE-2017-2818: An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0↗2017-07-12

▶

📋Vendor Advisories

Red Hat

poppler: Heap-buffer overflow in the image rendering functionality↗2017-07-07

▶

Debian

CVE-2017-2818: poppler - An exploitable heap overflow vulnerability exists in the image rendering functio...↗2017

▶

💬Community

Bugzilla

CVE-2017-2818 poppler: Heap-buffer overflow in the image rendering functionality↗2017-07-12

▶