CVE-2017-9083

EUVD-2017-18022
poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
Affected Products (NVD)
VendorProductVersion
freedesktoppoppler
0.54.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
poppler
bookworm
unimportant
bullseye
unimportant
bullseye (security)
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
luatex
artful
dne
bionic
dne
cosmic
dne
disco
dne
trusty
dne
xenial
dne
yakkety
dne
zesty
dne
poppler
artful
Fixed 0.48.0-2ubuntu3
released
bionic
Fixed 0.48.0-2ubuntu3
released
cosmic
Fixed 0.48.0-2ubuntu3
released
disco
Fixed 0.48.0-2ubuntu3
released
trusty
Fixed 0.24.5-2ubuntu4.5
released
xenial
Fixed 0.41.0-0ubuntu1.2
released
yakkety
Fixed 0.44.0-3ubuntu2.1
released
zesty
Fixed 0.48.0-2ubuntu2.1
released
texlive-bin
artful
not-affected
bionic
not-affected
cosmic
not-affected
disco
not-affected
trusty
dne
xenial
not-affected
yakkety
ignored
zesty
not-affected
Common Weakness Enumeration
References
https://bugs.freedesktop.org/show_bug.cgi?id=101084
https://security.gentoo.org/glsa/201801-17
https://bugs.freedesktop.org/show_bug.cgi?id=101084
https://security.gentoo.org/glsa/201801-17