CVE-2017-14977

The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
freedesktoppoppler
0.59.0
debiandebian_linux
7.0
debiandebian_linux
8.0
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
poppler
bookworm
22.12.0-2
fixed
bullseye
20.09.0-3.1+deb11u1
fixed
bullseye (security)
20.09.0-3.1+deb11u1
fixed
sid
24.08.0-3
fixed
trixie
24.08.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
poppler
trusty
Fixed 0.24.5-2ubuntu4.7
released
xenial
Fixed 0.41.0-0ubuntu1.4
released
zesty
Fixed 0.48.0-2ubuntu2.3
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libpoppler-glib8
suse enterprise sap 12 SP3
0.43.0-16.15.1
fixed
suse enterprise sap 12 SP5
0.43.0-16.15.1
fixed
suse enterprise server 12 SP3
0.43.0-16.15.1
fixed
suse enterprise server 12 SP4
0.43.0-16.15.1
fixed
suse enterprise server 12 SP5
0.43.0-16.15.1
fixed
libpoppler-qt4-4
suse enterprise sap 12 SP3
0.43.0-16.15.1
fixed
suse enterprise sap 12 SP5
0.43.0-16.15.1
fixed
suse enterprise server 12 SP3
0.43.0-16.15.1
fixed
suse enterprise server 12 SP4
0.43.0-16.15.1
fixed
suse enterprise server 12 SP5
0.43.0-16.15.1
fixed
libpoppler60
suse enterprise sap 12 SP3
0.43.0-16.15.1
fixed
suse enterprise sap 12 SP5
0.43.0-16.15.1
fixed
suse enterprise server 12 SP3
0.43.0-16.15.1
fixed
suse enterprise server 12 SP4
0.43.0-16.15.1
fixed
suse enterprise server 12 SP5
0.43.0-16.15.1
fixed
poppler-tools
suse enterprise sap 12 SP3
0.43.0-16.15.1
fixed
suse enterprise sap 12 SP5
0.43.0-16.15.1
fixed
suse enterprise server 12 SP3
0.43.0-16.15.1
fixed
suse enterprise server 12 SP4
0.43.0-16.15.1
fixed
suse enterprise server 12 SP5
0.43.0-16.15.1
fixed
Common Weakness Enumeration
References
https://bugs.freedesktop.org/show_bug.cgi?id=103045
https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html
https://www.debian.org/security/2018/dsa-4079
https://bugs.freedesktop.org/show_bug.cgi?id=103045
https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html
https://www.debian.org/security/2018/dsa-4079