CVE-2017-9776Integer Overflow or Wraparound in Poppler

CWE-190Integer Overflow or Wraparound10 documents8 sources
Severity
7.8HIGHNVD
EPSS
1.2%
top 20.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Freedesktop PopplerDebian LinuxRedhat Enterprise Linux Desktop+5 more
Timeline
PublishedJun 22
Latest updateMay 14

Description

Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

Debianfreedesktop/poppler< 0.57.0-2+3

Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 7.4, 7.6, 7.5

Patches

Patch: bugs.freedesktop.orgPatch: bugs.freedesktop.org

🔴Vulnerability Details

3
GHSA
GHSA-vj9m-pc78-2rvq: Integer overflow leading to Heap buffer overflow in JBIG2Stream2022-05-14
CVEList
CVE-2017-9776: Integer overflow leading to Heap buffer overflow in JBIG2Stream2017-06-22
OSV
CVE-2017-9776: Integer overflow leading to Heap buffer overflow in JBIG2Stream2017-06-22

📋Vendor Advisories

3
Ubuntu
poppler vulnerabilities2017-10-06
Red Hat
poppler: Integer overflow in JBIG2Stream.cc2017-06-21
Debian
CVE-2017-9776: poppler - Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo...2017

💬Community

3
Bugzilla
CVE-2017-9776 poppler: Integer overflow in JBIG2Stream.cc2017-06-29
Bugzilla
CVE-2017-7515 CVE-2017-9775 CVE-2017-9776 CVE-2017-9865 poppler: various flaws [fedora-all]2017-06-06
Bugzilla
CVE-2017-7515 CVE-2017-9775 CVE-2017-9776 CVE-2017-9865 mingw-poppler: various flaws [fedora-all]2017-06-06
CVE-2017-9776 — Integer Overflow or Wraparound | cvebase