CVE-2017-2818

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.

Published: Jul 12, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-2818
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
freedesktop / poppler	0.53.0	0.53.0.x

http://www.securityfocus.com/bid/99497
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319

Vulnerability Database

289,599

CVE-2017-2818