Vulnerability Name:

CVE-2017-9083 (CCN-126282)

Assigned: 2017-05-18
Published: 2017-05-18
Updated: 2019-03-14
Summary: poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.
CVSS v3 Severity: 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-476
Vulnerability Consequences: Denial of Service
References: Source: MITRE
Type: CNA
CVE-2017-9083

Source: CCN
Type: Bugzilla – Bug 101084
Perf_test utility will crash (segmentation fault) when parsing an illegal PDF file due to the program access a null pointer

Source: MISC
Type: Exploit, Issue Tracking, Vendor Advisory
https://bugs.freedesktop.org/show_bug.cgi?id=101084

Source: XF
Type: UNKNOWN
poppler-cve20179083-dos(126282)

Source: CCN
Type: Poppler Web site
Poppler

Source: GENTOO
Type: Third Party Advisory
GLSA-201801-17

Vulnerable Configuration: Configuration 1:
  • cpe:/a:freedesktop:poppler:0.54.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID
    Class
    Title
    Last Modified
    oval:org.opensuse.security:def:20179083
    V
    CVE-2017-9083
    2022-09-02
    oval:org.opensuse.security:def:42166
    P
    Security update for protobuf (Moderate)
    2022-03-30
    oval:org.opensuse.security:def:42268
    P
    Security update for the Linux Kernel (Important)
    2022-01-19
    oval:org.opensuse.security:def:56107
    P
    Security update for log4j (Important)
    2021-12-17
    oval:org.opensuse.security:def:9827
    P
    Security update for MozillaFirefox (Important)
    2021-12-10
    oval:org.opensuse.security:def:58048
    P
    Security update for postgresql10 (Important)
    2021-11-22
    oval:org.opensuse.security:def:20536
    P
    Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP5) (Important)
    2021-11-17
    oval:org.opensuse.security:def:9805
    P
    Security update for libvirt (Important)
    2021-10-27
    oval:org.opensuse.security:def:9797
    P
    Security update for apache2 (Important)
    2021-10-12
    oval:org.opensuse.security:def:20297
    P
    Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP4) (Important)
    2021-09-16
    oval:org.opensuse.security:def:20512
    P
    Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP5) (Important)
    2021-09-16
    oval:org.opensuse.security:def:57069
    P
    Security update for fetchmail (Moderate)
    2021-08-18
    oval:org.opensuse.security:def:20500
    P
    Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP5) (Important)
    2021-08-17
    oval:org.opensuse.security:def:14459
    P
    cpp48-4.8.5-31.17.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14624
    P
    libmspack0-0.4-14.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14803
    P
    xfsprogs-4.15.0-1.12 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14529
    P
    jakarta-taglibs-standard-1.1.1-255.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14718
    P
    ovmf-2017+git1510945757.b2662641d5-2.18 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14425
    P
    SuSEfirewall2-3.6.312.333-3.13.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14819
    P
    MozillaFirefox-68.1.0-109.92.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14580
    P
    libdcerpc-binding0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14745
    P
    python-doc-2.7.13-28.11.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14433
    P
    apache2-2.4.23-29.24.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14600
    P
    libidn-tools-1.28-5.3.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14792
    P
    update-alternatives-1.18.4-14.216 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:57483
    P
    Security update for dbus-1 (Important)
    2021-08-02
    oval:org.opensuse.security:def:10118
    P
    Security update for nodejs10 (Important)
    2021-07-15
    oval:org.opensuse.security:def:42097
    P
    Security update for the Linux Kernel (Important)
    2021-06-30
    oval:org.opensuse.security:def:10105
    P
    Security update for xterm (Important)
    2021-06-18
    oval:org.opensuse.security:def:56033
    P
    Security update for ucode-intel (Important)
    2021-06-10
    oval:org.opensuse.security:def:11868
    P
    libXvnc1-1.6.0-12.6 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:12024
    P
    tar-1.27.1-8.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42605
    P
    libmspack0-0.0.20060920alpha-74.5.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11792
    P
    dosfstools-3.0.26-6.5 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:12113
    P
    fuse-2.9.3-5.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11915
    P
    libndp0-1.6-2.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:12049
    P
    xscreensaver-5.22-7.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42634
    P
    libvirt-1.2.5-3.76 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:10096
    P
    Security update for gstreamer-plugins-bad (Important)
    2021-06-08
    oval:org.opensuse.security:def:12751
    P
    xdg-utils-20140630-6.3.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11800
    P
    evince-3.20.1-5.66 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11930
    P
    libpulse-mainloop-glib0-32bit-5.0-2.7 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42685
    P
    python-2.6.9-0.35.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16291
    P
    libpoppler44-0.24.4-14.3.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:12091
    P
    dbus-1-glib-0.100.2-3.58 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:12773
    P
    libpacemaker3-1.1.15-19.15 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42508
    P
    coreutils-8.12-6.25.32.33.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:15457
    P
    mipv6d-2.0.2.umip.0.4-19.63 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11822
    P
    gnutls-3.2.15-11.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11949
    P
    libsystemd0-228-117.12 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42560
    P
    jakarta-commons-httpclient3-3.0.1-253.36.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:12100
    P
    elfutils-0.158-6.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:15480
    P
    perl-YAML-LibYAML-0.38-10.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:20259
    P
    Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP4) (Important)
    2021-05-25
    oval:org.opensuse.security:def:20442
    P
    Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP5) (Important)
    2021-05-25
    oval:org.opensuse.security:def:20409
    P
    Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP5) (Important)
    2021-04-07
    oval:org.opensuse.security:def:10054
    P
    Security update for MozillaFirefox (Important)
    2021-04-01
    oval:org.opensuse.security:def:9873
    P
    Security update for libzypp, zypper (Moderate)
    2021-03-25
    oval:org.opensuse.security:def:54757
    P
    Security update for openvswitch (Important)
    2021-02-12
    oval:org.opensuse.security:def:56925
    P
    Security update for xen (Moderate)
    2020-12-29
    oval:org.opensuse.security:def:10029
    P
    Security update for openssl-1_1 (Important)
    2020-12-09
    oval:org.opensuse.security:def:41988
    P
    libadns1-1.4-73.21 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:42444
    P
    sudo-1.7.6p2-0.17.5 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:56903
    P
    Security update for python-setuptools (Important)
    2020-12-02
    oval:org.opensuse.security:def:58158
    P
    Security update for rubygem-rails-html-sanitizer (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:21174
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:53233
    P
    Security update for dpdk (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9920
    P
    libsqlite3-0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38900
    P
    gnome-shell-calendar on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:43368
    P
    Security update for poppler (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:20046
    P
    Security update for openslp (Important)
    2020-12-01
    oval:org.opensuse.security:def:58251
    P
    Security update for rubygem-actionpack-4_2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:58398
    P
    Security update for libpng16 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:53234
    P
    Security update for postgresql (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:53807
    P
    Security update for MozillaThunderbird (Important)
    2020-12-01
    oval:org.opensuse.security:def:54472
    P
    gd on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10756
    P
    libmicrohttpd-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38314
    P
    libkpathsea6 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38725
    P
    libsnmp30 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:41836
    P
    Security update for Linux Kernel Live Patch 8 for SLE 12 (Important)
    2020-12-01
    oval:org.opensuse.security:def:57592
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:21200
    P
    Security update for poppler (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9935
    P
    libvorbis-doc on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54564
    P
    libksba8 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38081
    P
    tomcat on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38945
    P
    empathy on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:20081
    P
    Security update for clamav (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:58327
    P
    Security update for squid (Critical)
    2020-12-01
    oval:org.opensuse.security:def:58473
    P
    Security update for poppler (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:53256
    P
    Security update for krb5 (Important)
    2020-12-01
    oval:org.opensuse.security:def:53913
    P
    Security update for the Linux Kernel (Critical)
    2020-12-01
    oval:org.opensuse.security:def:10778
    P
    libpoppler44 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38082
    P
    tpm2.0-tools on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38417
    P
    minicom on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38784
    P
    python-pyOpenSSL on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:57762
    P
    libQt5WebKit5 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9954
    P
    opie on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54638
    P
    openslp on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38833
    P
    yast2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:39583
    P
    Security update for libarchive (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:41732
    P
    Security update for the SUSE Linux Enterprise 12 kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:20167
    P
    Security update for qemu (Important)
    2020-12-01
    oval:org.opensuse.security:def:58365
    P
    Security update for openldap2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:53396
    P
    Security update for tomcat (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54079
    P
    libyaml-0-2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38093
    P
    wget on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38475
    P
    rtkit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:41733
    P
    Security update for java-1_7_1-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:20038
    P
    Security update for spice-gtk (Important)
    2020-12-01
    oval:org.opensuse.security:def:57308
    P
    Security update for compat-openssl097g
    2020-12-01
    oval:org.opensuse.security:def:54676
    P
    sblim-sfcb on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38872
    P
    libtag1-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:39625
    P
    Security update for poppler (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:43323
    P
    Security update for dovecot22 (Low)
    2020-12-01
    oval:org.opensuse.security:def:56902
    P
    Security update for xorg-x11-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:20225
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:58448
    P
    Security update for pcre (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:53634
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:54364
    P
    python-cupshelpers on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38177
    P
    emacs on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38565
    P
    cpp48 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:41744
    P
    Security update for rpm (Important)
    2020-12-01
    oval:org.opensuse.security:def:81183
    P
    Security update for poppler (Moderate)
    2017-06-26
    oval:org.opensuse.security:def:78741
    P
    Security update for poppler (Moderate)
    2017-06-26
    oval:com.ubuntu.bionic:def:201790830000000
    V
    CVE-2017-9083 on Ubuntu 18.04 LTS (bionic) - low.
    2017-05-19
    oval:com.ubuntu.artful:def:20179083000
    V
    CVE-2017-9083 on Ubuntu 17.10 (artful) - low.
    2017-05-19
    oval:com.ubuntu.xenial:def:20179083000
    V
    CVE-2017-9083 on Ubuntu 16.04 LTS (xenial) - low.
    2017-05-19
    oval:com.ubuntu.xenial:def:201790830000000
    V
    CVE-2017-9083 on Ubuntu 16.04 LTS (xenial) - low.
    2017-05-19
    oval:com.ubuntu.bionic:def:20179083000
    V
    CVE-2017-9083 on Ubuntu 18.04 LTS (bionic) - low.
    2017-05-19
    oval:com.ubuntu.disco:def:201790830000000
    V
    CVE-2017-9083 on Ubuntu 19.04 (disco) - low.
    2017-05-19
    oval:com.ubuntu.cosmic:def:20179083000
    V
    CVE-2017-9083 on Ubuntu 18.10 (cosmic) - low.
    2017-05-19
    oval:com.ubuntu.cosmic:def:201790830000000
    V
    CVE-2017-9083 on Ubuntu 18.10 (cosmic) - low.
    2017-05-19
    oval:com.ubuntu.trusty:def:20179083000
    V
    CVE-2017-9083 on Ubuntu 14.04 LTS (trusty) - low.
    2017-05-19
    freedesktop poppler 0.54.0