| Errata ID | 390 |
|---|---|
| Date | 2018-05-08 |
| Source package | poppler |
| Fixed in version | 0.26.5-2+deb8u4 |
| Description | This update addresses the following issues: * CVE-2017-9406: a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. * CVE-2017-9408: memory leak in the function Object::initArray in Object.cc that allows attackers to cause a DoS via a crafted file. * CVE-2017-9775: Stack buffer overflow in GfxState.cc in pdftocairo that allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. * CVE-2017-9776: Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. * CVE-2017-9865: The function GfxImageColorMap::getGray in GfxState.cc allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document * CVE-2017-14517: NULL pointer dereference vulnerability in the XRef::parseEntry() function in XRef.cc * CVE-2017-14518: Floating point exception in the isImageInterpolationRequired() function in Splash.cc * CVE-2017-14519: A memory corruption may occur in a call to Object::streamGetChar * CVE-2017-14520: Floating point exception in Splash::scaleImageYuXd() * CVE-2017-14617: Floating point exception in the ImageStream class in Stream.cc * CVE-2017-14929: Memory corruption via Gfx.cc infinite loop * CVE-2017-14975: NULL pointer dereference vulnerability in the FoFiType1C::convertToType0 function in FoFiType1C.cc * CVE-2017-14976: Heap-based buffer over-read vulnerability in the * CVE-2017-14977: NULL pointer dereference vulnerability in the FoFiTrueType::getCFFBlock function in FoFiTrueType.cc * CVE-2017-15565: NULL Pointer Dereference in the GfxImageColorMap::getGrayLine() function in GfxState.cc * CVE-2017-1000456: Invalid read in TextPool::addWord() causes crash and can lead to overflow in subsequent calculations |
| Additional notes | |
| CVE ID | CVE-2017-9406 CVE-2017-9408 CVE-2017-9775 CVE-2017-9776 CVE-2017-9865 CVE-2017-14517 CVE-2017-14518 CVE-2017-14519 CVE-2017-14520 CVE-2017-14617 CVE-2017-14929 CVE-2017-14975 CVE-2017-14976 CVE-2017-14977 CVE-2017-15565 CVE-2017-1000456 |
| UCS Bug number | #46153 |
