CVE-2017-2818: Buffer Overflow
First published: Wed Jul 12 2017(Updated: )
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Poppler Utilities | =0.53.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-2818?
CVE-2017-2818 is classified as a high-severity vulnerability due to its potential for exploitation through crafted PDF files.
How do I fix CVE-2017-2818?
To fix CVE-2017-2818, upgrade Poppler to a newer version that includes the patch for the heap overflow vulnerability.
What versions of Poppler are affected by CVE-2017-2818?
CVE-2017-2818 specifically affects Poppler version 0.53.0.
What types of attacks can CVE-2017-2818 enable?
CVE-2017-2818 can enable remote code execution attacks through the use of specially crafted PDF files.
In which components of Poppler does CVE-2017-2818 occur?
CVE-2017-2818 occurs in the image rendering functionality of Poppler.
- agent/references
- agent/type
- agent/softwarecombine
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/freedesktop
- canonical/poppler utilities
- version/poppler utilities/0.53.0