VDB

GCVE-VVD-MAGEIA-2017-276

GCVE-VVD-MAGEIA-2017-276
Advisory Published
Vulnetix · Advisory published August 17, 2017
Jiaqi Peng discovered that the poppler pdfunite tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service (CVE-2017-7511). It was discovered that the poppler pdfunite tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to hang, resulting in a denial of service (CVE-2017-7515). It was discovered that poppler incorrectly handled memory when processing PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to consume resources, resulting in a denial of service (CVE-2017-9406, CVE-2017-9408). Alberto Garcia, Francisco Oca, and Suleman Ali discovered that the poppler pdftocairo tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service (CVE-2017-9775). Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document (CVE-2017-9776). The function GfxImageColorMap::getGray in GfxState.cc in Poppler allows attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc (CVE-2017-9865).

Affected Products

VendorProductVersionsPlatforms
Mageiapoppler0 (affected), 0.26.5-2.3.mga5 (unaffected)

Browse GCVE Records

71,925 records in the GCVE database · Updated July 13, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›