CVE-2017-9406

Published: 02 June 2017

In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
poppler
Launchpad, Ubuntu, Debian
Upstream
Released (0.55)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (0.41.0-0ubuntu1.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [0.24.5-2ubuntu4.5])
Patches:
Upstream: https://cgit.freedesktop.org/poppler/poppler/commit/?id=278439531b13b0b047dbe3a75aa3f1b3407c8bd4