CVE-2017-2820

An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
talosCNA
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
freedesktoppoppler
0.53.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
poppler
bullseye
unimportant
bullseye (security)
unimportant
bookworm
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
poppler
zesty
Fixed 0.48.0-2ubuntu2.1
released
yakkety
Fixed 0.44.0-3ubuntu2.1
released
xenial
Fixed 0.41.0-0ubuntu1.2
released
trusty
Fixed 0.24.5-2ubuntu4.5
released
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/99497
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0321
http://www.securityfocus.com/bid/99497
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0321