What is the severity of CVE-2017-9776?

CVE-2017-9776 has been classified as a vulnerability with the potential to cause a denial of service and possibly other unspecified impacts.

How do I fix CVE-2017-9776?

To fix CVE-2017-9776, update the Poppler package to versions 0.71.0-5 or later, as recommended by your operating system vendor.

What type of vulnerability is CVE-2017-9776?

CVE-2017-9776 is an integer overflow vulnerability that leads to a heap buffer overflow.

Which software is affected by CVE-2017-9776?

CVE-2017-9776 affects versions of the Poppler library prior to 0.56, and various distributions of Debian and Red Hat Enterprise Linux.

Can CVE-2017-9776 be exploited remotely?

Yes, CVE-2017-9776 can be exploited remotely through a crafted PDF document.

Vulnerability/
CVE-2017-9776

high

7.8

CWE

190 119

22/6/2017

5/8/2024

CVE-2017-9776: Integer Overflow

First published: Thu Jun 22 2017(Updated: )

Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
debian/poppler		0.71.0-5 0.71.0-5+deb10u3 20.09.0-3.1+deb11u1 22.12.0-2
Poppler Data	<=0.55.0
Debian Linux	=8.0
Debian Linux	=9.0
Red Hat Enterprise Linux Desktop	=6.0
Red Hat Enterprise Linux Desktop	=7.0
Red Hat Enterprise Linux Server	=6.0
Red Hat Enterprise Linux Server	=7.0
Red Hat Enterprise Linux Server	=7.4
Red Hat Enterprise Linux Server	=7.6
Red Hat Enterprise Linux Server	=7.4
Red Hat Enterprise Linux Server	=7.5
Red Hat Enterprise Linux Server	=7.6
Red Hat Enterprise Linux Server	=7.4
Red Hat Enterprise Linux Server	=7.6
Red Hat Enterprise Linux Workstation	=6.0
Red Hat Enterprise Linux Workstation	=7.0

Remedy

https://bugs.freedesktop.org/show_bug.cgi?id=101541

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-9776?
CVE-2017-9776 has been classified as a vulnerability with the potential to cause a denial of service and possibly other unspecified impacts.
How do I fix CVE-2017-9776?
To fix CVE-2017-9776, update the Poppler package to versions 0.71.0-5 or later, as recommended by your operating system vendor.
What type of vulnerability is CVE-2017-9776?
CVE-2017-9776 is an integer overflow vulnerability that leads to a heap buffer overflow.
Which software is affected by CVE-2017-9776?
CVE-2017-9776 affects versions of the Poppler library prior to 0.56, and various distributions of Debian and Red Hat Enterprise Linux.
Can CVE-2017-9776 be exploited remotely?
Yes, CVE-2017-9776 can be exploited remotely through a crafted PDF document.

collector/security-tracker-debian
agent/type
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2017-9776
agent/author
agent/remedy
agent/weakness
agent/references
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
package-manager/debian
vendor/freedesktop
canonical/poppler data
version/poppler data/0.55.0
vendor/debian
canonical/debian linux
version/debian linux/8.0
version/debian linux/9.0
vendor/redhat
canonical/red hat enterprise linux desktop
version/red hat enterprise linux desktop/6.0
version/red hat enterprise linux desktop/7.0
canonical/red hat enterprise linux server
version/red hat enterprise linux server/6.0
version/red hat enterprise linux server/7.0
version/red hat enterprise linux server/7.4
version/red hat enterprise linux server/7.6
version/red hat enterprise linux server/7.5
canonical/red hat enterprise linux workstation
version/red hat enterprise linux workstation/6.0
version/red hat enterprise linux workstation/7.0