CVE-2017-9406
First published: Fri Jun 02 2017(Updated: )
In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/poppler | 0.71.0-5 0.71.0-5+deb10u3 20.09.0-3.1+deb11u1 22.12.0-2 | |
| freedesktop poppler | =0.54.0 | |
| Debian GNU/Linux | =8.0 | |
| Debian GNU/Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-9406?
CVE-2017-9406 has been classified as a denial of service vulnerability due to a memory leak in Poppler.
How do I fix CVE-2017-9406?
To fix CVE-2017-9406, users should upgrade to Poppler versions 0.71.0-5 or later.
What software is affected by CVE-2017-9406?
CVE-2017-9406 affects Poppler version 0.54.0 and potentially older versions on Debian systems.
Can CVE-2017-9406 cause data loss?
CVE-2017-9406 primarily leads to a denial of service but does not directly cause data loss.
Is CVE-2017-9406 related to other vulnerabilities?
CVE-2017-9406 is specific to memory management in Poppler but may have similar traits to other memory leak vulnerabilities.
- collector/security-tracker-debian
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/debian
- vendor/freedesktop
- canonical/freedesktop poppler
- version/freedesktop poppler/0.54.0
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/8.0
- version/debian gnu/linux/9.0