Skip to main content

Poppler CVE-2017-2820

HIGH
Integer Overflow or Wraparound (CWE-190)
2017-07-12 talos-cna@cisco.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 12, 2017 - 17:29 cve.org
HIGH 8.8

DescriptionCVE.org

An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library.

AnalysisAI

An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library. Affected products include: Freedesktop Poppler.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

CVE-2013-4474 MEDIUM POC
5.0 Nov 23

Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote

CVE-2017-15565 HIGH POC
8.8 Oct 17

In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via

CVE-2019-12293 HIGH POC
8.8 May 23

In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with

CVE-2019-10872 HIGH POC
8.8 Apr 05

An issue was discovered in Poppler 0.74.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, n

CVE-2019-9545 HIGH POC
8.8 Mar 01

An issue was discovered in Poppler 0.74.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, n

CVE-2019-9543 HIGH POC
8.8 Mar 01

An issue was discovered in Poppler 0.74.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, n

CVE-2019-9200 HIGH POC
8.8 Feb 26

A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for exa

CVE-2013-4473 HIGH POC
7.5 Nov 23

Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote

CVE-2017-14518 HIGH POC
7.8 Sep 17

In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a c

CVE-2017-14520 HIGH POC
7.8 Sep 17

In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a poten

CVE-2022-38784 HIGH POC
7.8 Aug 30

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg

CVE-2020-35702 HIGH POC
7.8 Dec 25

DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. Rate

Share

CVE-2017-2820 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy