CVE-2017-9776

high

Description

Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

References

http://www.securityfocus.com/bid/99240

https://access.redhat.com/errata/RHSA-2017:2550

https://access.redhat.com/errata/RHSA-2017:2551

https://bugs.freedesktop.org/show_bug.cgi?id=101541

https://www.debian.org/security/2018/dsa-4079

Details

Source: MITRE

Published: 2017-06-22

Updated: 2019-03-12

Type: CWE-190

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 127361 | NewStart CGSL MAIN 4.05 : poppler Vulnerability (NS-SA-2019-0118) | Nessus | NewStart CGSL Local Security Checks | high |
| 105623 | Debian DSA-4079-1 : poppler - security update | Nessus | Debian Local Security Checks | high |
| 103731 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : poppler vulnerabilities (USN-3440-1) | Nessus | Ubuntu Local Security Checks | high |
| 103572 | Amazon Linux AMI : poppler (ALAS-2017-902) | Nessus | Amazon Linux Local Security Checks | high |
| 103088 | EulerOS 2.0 SP2 : poppler (EulerOS-SA-2017-1230) | Nessus | Huawei Local Security Checks | high |
| 103087 | EulerOS 2.0 SP1 : poppler (EulerOS-SA-2017-1229) | Nessus | Huawei Local Security Checks | high |
| 102951 | RHEL 7 : poppler (RHSA-2017:2551) | Nessus | Red Hat Local Security Checks | high |
| 102950 | RHEL 6 : poppler (RHSA-2017:2550) | Nessus | Red Hat Local Security Checks | high |
| 102905 | OracleVM 3.3 / 3.4 : poppler (OVMSA-2017-0147) | Nessus | OracleVM Local Security Checks | high |
| 102884 | CentOS 7 : poppler (CESA-2017:2551) | Nessus | CentOS Local Security Checks | high |
| 102883 | CentOS 6 : poppler (CESA-2017:2550) | Nessus | CentOS Local Security Checks | high |
| 102853 | Scientific Linux Security Update : poppler on SL7.x x86_64 (20170830) | Nessus | Scientific Linux Local Security Checks | high |
| 102852 | Scientific Linux Security Update : poppler on SL6.x i386/x86_64 (20170830) | Nessus | Scientific Linux Local Security Checks | high |
| 102851 | Oracle Linux 7 : poppler (ELSA-2017-2551) | Nessus | Oracle Linux Local Security Checks | high |
| 102850 | Oracle Linux 6 : poppler (ELSA-2017-2550) | Nessus | Oracle Linux Local Security Checks | high |
| 102823 | Debian DLA-1074-1 : poppler security update | Nessus | Debian Local Security Checks | high |
| 102397 | Fedora 24 : mingw-poppler (2017-93868169a0) | Nessus | Fedora Local Security Checks | high |
| 102217 | openSUSE Security Update : poppler (openSUSE-2017-883) | Nessus | SuSE Local Security Checks | high |
| 102070 | SUSE SLED12 / SLES12 Security Update : poppler (SUSE-SU-2017:1999-1) | Nessus | SuSE Local Security Checks | high |
| 102069 | SUSE SLED12 / SLES12 Security Update : poppler (SUSE-SU-2017:1998-1) | Nessus | SuSE Local Security Checks | high |
| 102029 | Fedora 26 : mingw-poppler (2017-bbb664e0a0) | Nessus | Fedora Local Security Checks | high |
| 102028 | Fedora 25 : mingw-poppler (2017-9fa2cefa7a) | Nessus | Fedora Local Security Checks | high |
| 101796 | Fedora 25 : poppler (2017-7eaec3353d) | Nessus | Fedora Local Security Checks | high |
| 101633 | Fedora 26 : poppler (2017-5112220e59) | Nessus | Fedora Local Security Checks | high |
| 101167 | Poppler < 0.56.0 Multiple Vulnerabilities | Nessus | Misc. | high |