{"id":"MGASA-2017-0276","summary":"Updated poppler packages fix security vulnerabilities","details":"Jiaqi Peng discovered that the poppler pdfunite tool incorrectly parsed\ncertain malformed PDF documents. If a user or automated system were tricked\ninto opening a crafted PDF file, an attacker could cause poppler to crash,\nresulting in a denial of service (CVE-2017-7511).\n\nIt was discovered that the poppler pdfunite tool incorrectly parsed certain\nmalformed PDF documents. If a user or automated system were tricked into\nopening a crafted PDF file, an attacker could cause poppler to hang,\nresulting in a denial of service (CVE-2017-7515).\n\nIt was discovered that poppler incorrectly handled memory when processing\nPDF documents. If a user or automated system were tricked into opening a\ncrafted PDF file, an attacker could cause poppler to consume resources,\nresulting in a denial of service (CVE-2017-9406, CVE-2017-9408).\n\nAlberto Garcia, Francisco Oca, and Suleman Ali discovered that the poppler\npdftocairo tool incorrectly parsed certain malformed PDF documents. If a\nuser or automated system were tricked into opening a crafted PDF file, an\nattacker could cause poppler to crash, resulting in a denial of service\n(CVE-2017-9775).\n\nInteger overflow leading to Heap buffer overflow in JBIG2Stream.cc in\npdftocairo in Poppler allows attackers to cause a denial of service\n(application crash) or possibly have unspecified other impact via a crafted\nPDF document (CVE-2017-9776).\n\nThe function GfxImageColorMap::getGray in GfxState.cc in Poppler allows\nattackers to cause a denial of service (stack-based buffer over-read and\napplication crash) via a crafted PDF document, related to missing color-map\nvalidation in ImageOutputDev.cc (CVE-2017-9865).\n","modified":"2026-04-16T06:23:07.086729138Z","published":"2017-08-17T08:02:00Z","upstream":["CVE-2017-7511","CVE-2017-7515","CVE-2017-9406","CVE-2017-9408","CVE-2017-9775","CVE-2017-9776","CVE-2017-9865"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0276.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21038"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MPWSH7JKKVEIEQEEILCRHTF7HL7BSYW4/"},{"type":"WEB","url":"https://www.ubuntu.com/usn/usn-3350-1/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7G2XFEFF6S2H4DRDPUXBUWPEEDGE37EG/"}],"affected":[{"package":{"name":"poppler","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/poppler?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.26.5-2.3.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0276.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}