SB2017100206 - Multiple vulnerabilities in Poppler
Published: October 2, 2017 Updated: October 30, 2017
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 10 vulnerabilities.
1) NULL pointer derefenrece (CVE-ID: CVE-2017-14975)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service (DoS) conditions.
The vulnerability exists due to an error in FoFiType1C::convertToType0 function in FoFiType1C.cc when processing documents. A remote attacker can send a specially crafted document, trigger NULL pointer dereference and perform a denial of service attack.
Successful exploitation of the vulnerability may allow an attacker to cause application crash.
2) NULL pointer derefenrece (CVE-ID: CVE-2017-14977)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service (DoS) conditions.
The vulnerability exists due to an error in FoFiTrueType::getCFFBlock function in FoFiTrueType.cc when processing documents. A remote attacker can send a specially crafted document, trigger NULL pointer dereference and perform a denial of service attack.
Successful exploitation of the vulnerability may allow an attacker to cause application crash.
3) Heap-based buffer overflow (CVE-ID: CVE-2017-14976)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in FoFiType1C::convertToType0 function in FoFiType1C.cc when processing fonts in documents. A remote unauthenticated attacker can create a specially crafted document and trigger application crash.
4) Heap-based buffer overflow (CVE-ID: CVE-2017-11116)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in ExifImageFile::readDQT function in ExifImageFileRead.cpp when processing PDF documents. A remote unauthenticated attacker can create a specially crafted document and trigger application crash.
5) Infinite loop (CVE-ID: CVE-2017-14519)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service (DoS) conditions.
The vulnerability exists due to an error in Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls when processing PDF documents. A remote attacker can send a specially crafted document, trigger infinite loop and perform a denial of service attack.
Successful exploitation of the vulnerability may allow an attacker to cause application crash.
6) NULL pointer derefenrece (CVE-ID: CVE-2017-14517)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service (DoS) conditions.
The vulnerability exists due to an error in XRef::parseEntry() function in XRef.cc when processing PDF documents. A remote attacker can send a specially crafted document, trigger NULL pointer dereference and perform a denial of service attack.
Successful exploitation of the vulnerability may allow an attacker to cause application crash.
7) NULL pointer derefenrece (CVE-ID: CVE-2017-14928)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service (DoS) conditions.
The vulnerability exists due to an error in AnnotRichMedia::Configuration::Configuration in Annot.cc when processing PDF documents. A remote attacker can send a specially crafted document, trigger NULL pointer dereference and perform a denial of service attack.
Successful exploitation of the vulnerability may allow an attacker to cause application crash.
8) NULL pointer derefenrece (CVE-ID: CVE-2017-14926)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service (DoS) conditions.
The vulnerability exists due to an error in AnnotRichMedia::Content::Content in Annot.cc when processing PDF documents. A remote attacker can send a specially crafted document, trigger NULL pointer dereference and perform a denial of service attack.
Successful exploitation of the vulnerability may allow an attacker to cause application crash.
9) NULL pointer derefenrece (CVE-ID: CVE-2017-14927)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service (DoS) conditions.
The vulnerability exists due to an error in SplashOutputDev::type3D0() function in SplashOutputDev.cc when processing PDF documents. A remote attacker can send a specially crafted document, trigger NULL pointer dereference and perform a denial of service attack.
Successful exploitation of the vulnerability may allow an attacker to cause application crash.
10) NULL pointer derefenrece (CVE-ID: CVE-2017-15565)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service (DoS) conditions.
The vulnerability exists due to an error in GfxImageColorMap::getGrayLine() function in GfxState.cc when processing PDF documents. A remote attacker can send a specially crafted document, trigger NULL pointer dereference and perform a denial of service attack.
Successful exploitation of the vulnerability may allow an attacker to cause application crash.
Remediation
Install update from vendor's website.
References
- https://bugzilla.freedesktop.org/show_bug.cgi?id=102653
- https://bugs.freedesktop.org/show_bug.cgi?id=103045
- https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf
- https://bugzilla.freedesktop.org/show_bug.cgi?id=102724
- http://seclists.org/fulldisclosure/2017/Jul/77
- https://bugs.freedesktop.org/show_bug.cgi?id=102701
- https://bugs.freedesktop.org/show_bug.cgi?id=102687
- https://bugs.freedesktop.org/show_bug.cgi?id=102607
- https://bugs.freedesktop.org/show_bug.cgi?id=102601
- https://bugs.freedesktop.org/show_bug.cgi?id=102604
- https://bugs.freedesktop.org/show_bug.cgi?id=103016