Boundary Validation Flaw in libpoppler by freedesktop.org
CVE-2017-1000456

8.8 HIGH

Key Information:

CVE Published: 2 January 2018

What is CVE-2017-1000456?

libpoppler version 0.60.1 from freedesktop.org contains a significant vulnerability: the TextPool::addWord function fails to properly validate boundaries. This can lead to buffer overflow conditions, allowing attackers to manipulate subsequent calculations and potentially exploit the application for unauthorized actions. Applying updates and patches is critical to mitigating the risks associated with this flaw.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved