CVE-2017-9083

MEDIUM

poppler 0.54.0 - Memory Corruption

Title source: llm

Description

poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.

References (2)

[Exploit, Issue Tracking, Vendor Advisory] https://bugs.freedesktop.org/show_bug.cgi?id=101084

[Third Party Advisory] https://security.gentoo.org/glsa/201801-17

Scores

CVSS v3 6.5

EPSS 0.0068

EPSS Percentile 71.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (2)

freedesktop/poppler

n/a/n/a

Published May 19, 2017

Tracked Since Feb 18, 2026