Your submission was sent successfully! Close

CVE-2017-7515

Published: 6 June 2017

poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.

Priority

Negligible

CVSS 3 base score: 5.5

Status

Package Release Status
poppler
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was released [0.24.5-2ubuntu4.5])
upstream Needs triage

xenial
Released (0.41.0-0ubuntu1.2)
yakkety
Released (0.44.0-3ubuntu2.1)
zesty
Released (0.48.0-2ubuntu2.1)
Patches:
upstream: https://cgit.freedesktop.org/poppler/poppler/commit/poppler/PDFDoc.cc?id=771c82623e8e1e0c92b8ca6f7c2b8a81ccbb60d3

Notes

AuthorNote
sbeattie
possibly only affects CLI tool, so may not have any security
impact.

References