CVE-2017-14975

Published: 01 October 2017

The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.

Priority

CVSS 3 base score: 7.5

Status

Package	Release	Status
poppler Launchpad, Ubuntu, Debian	Upstream	Needs triage





	Ubuntu 16.04 ESM (Xenial Xerus)	Released (0.41.0-0ubuntu1.4)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was released [0.24.5-2ubuntu4.7])
	Patches: Upstream: https://cgit.freedesktop.org/poppler/poppler/commit/?id=a5e5649ecf16fa05770620dbbd4985935dc2bbff

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975
https://ubuntu.com/security/notices/USN-3440-1
NVD
Launchpad
Debian

Bugs

https://bugzilla.freedesktop.org/show_bug.cgi?id=102653

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›