Description
poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.
References (2)
Core 2
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201801-17
Patch, Third Party Advisory x_refsource_confirm
https://cgit.freedesktop.org/poppler/poppler/commit/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a
Scores
CVSS v3
5.5
EPSS
0.0109
EPSS Percentile
61.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (50)
freedesktop/poppler
0.17.3
freedesktop/poppler
0.17.4
freedesktop/poppler
0.18.0
freedesktop/poppler
0.18.1
freedesktop/poppler
0.18.2
freedesktop/poppler
0.18.3
freedesktop/poppler
0.18.4
freedesktop/poppler
0.19.0
freedesktop/poppler
0.19.1
freedesktop/poppler
0.19.2
... and 40 more
Published
May 30, 2017
Tracked Since
Feb 18, 2026