CVE-2017-18267

The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
Infinite Loop
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
freedesktoppoppler
𝑥
≤ 0.64.0
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
17.10
canonicalubuntu_linux
18.04
redhatansible_tower
3.3
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_workstation
7.0
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
poppler
bullseye (security)
20.09.0-3.1+deb11u1
fixed
bullseye
20.09.0-3.1+deb11u1
fixed
wheezy
ignored
bookworm
22.12.0-2
fixed
sid
24.08.0-3
fixed
trixie
24.08.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
poppler
bionic
Fixed 0.62.0-2ubuntu2.1
released
artful
Fixed 0.57.0-2ubuntu4.3
released
xenial
Fixed 0.41.0-0ubuntu1.7
released
trusty
Fixed 0.24.5-2ubuntu4.11
released
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHBA-2019:0327
https://access.redhat.com/errata/RHSA-2018:3140
https://access.redhat.com/errata/RHSA-2018:3505
https://bugzilla.freedesktop.org/show_bug.cgi?id=103238
https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html
https://usn.ubuntu.com/3647-1/
https://access.redhat.com/errata/RHBA-2019:0327
https://access.redhat.com/errata/RHSA-2018:3140
https://access.redhat.com/errata/RHSA-2018:3505
https://bugzilla.freedesktop.org/show_bug.cgi?id=103238
https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html
https://usn.ubuntu.com/3647-1/