NULL Pointer Dereference in Poppler's GfxImageColorMap Function
CVE-2017-15565

8.8HIGH

Key Information:

Vendor

Freedesktop

Status
Poppler
Vendor
CVE Published:
17 October 2017
đź”” Create Freedesktop Vulnerability Alert

What is CVE-2017-15565?

A vulnerability in Poppler, specifically in version 0.59.0, allows for a NULL Pointer Dereference within the GfxImageColorMap::getGrayLine() function. This occurs when a specially crafted PDF document is processed, potentially leading to application crashes or service disruptions. It's crucial for users of Poppler to be aware of this issue and consider applying updates or patches to mitigate the risks associated with document handling.

References

https://bugs.freedesktop.org/show_bug.cgi?id=103016
x_refsource_MISC
https://www.debian.org/security/2018/dsa-4079
vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2017/11/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.