CVE-2017-9865

MEDIUM

Poppler 0.54.0 - DoS

Title source: llm

Description

The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.

References (5)

[Third Party Advisory] http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html

[Issue Tracking, Vendor Advisory] https://bugs.freedesktop.org/show_bug.cgi?id=100774

[Third Party Advisory] https://security.gentoo.org/glsa/201801-17

[Vendor Advisory] https://usn.ubuntu.com/4042-1/

[Third Party Advisory] https://www.debian.org/security/2018/dsa-4079

Scores

CVSS v3 5.5

EPSS 0.0076

EPSS Percentile 73.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-125

Status published

Products (4)

freedesktop/poppler

debian/debian_linux

debian/debian_linux

n/a/n/a

Published Jun 25, 2017

Tracked Since Feb 18, 2026