The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

security threat CVE-2017-1000456

Poppler: buffer overflow

Synthesis of the vulnerability

An attacker can trigger a buffer overflow in Poppler, in order to cause a denial of service, and possibly to run code.
Severity of this announcement: 2/4.
Creation date: 03/01/2018.
References of this computer vulnerability: bulletinjan2019, CVE-2017-1000456, DLA-1228-1, DSA-4097-1, FEDORA-2018-048468d7a8, FEDORA-2018-20ba39cba9, openSUSE-SU-2018:1721-1, SUSE-SU-2018:1662-1, SUSE-SU-2018:1691-1, USN-3517-1, VIGILANCE-VUL-24937.

Description of the vulnerability

An attacker can trigger a buffer overflow in Poppler, in order to cause a denial of service, and possibly to run code.

This vulnerability impacts software or systems such as Debian, Fedora, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.

Our Vigil@nce team determined that the severity of this security bulletin is medium.

The trust level is "confirmed by the editor", and the origin is "document".

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat

Debian 7: new poppler packages.
New packages are available:
  Debian 7: poppler 0.18.4-6+deb7u5

Debian 8, 9: new poppler packages.
New packages are available:
  Debian 8: poppler 0.26.5-2+deb8u3
  Debian 9: poppler 0.48.0-2+deb9u2

Fedora: new poppler packages.
New packages are available:
  Fedora 26: poppler 0.52.0-11.fc26
  Fedora 27: poppler 0.57.0-7.fc27

openSUSE Leap 42.3: new poppler packages.
New packages are available:
  openSUSE Leap 42.3: poppler 0.43.0-8.1

Oracle Solaris: patch for third party software of January 2019 v1.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

SUSE LE 11 SP4: new poppler packages.
New packages are available:
  SUSE LE 11 SP4: poppler 0.12.3-1.13.3.2

SUSE LE 12 SP3: new poppler packages.
New packages are available:
  SUSE LE 12 SP3: poppler 0.43.0-16.15.1

Ubuntu: new poppler packages.
New packages are available:
  Ubuntu 17.10: poppler 0.57.0-2ubuntu4.2
  Ubuntu 17.04: poppler 0.48.0-2ubuntu2.5
  Ubuntu 16.04 LTS: poppler 0.41.0-0ubuntu1.6
  Ubuntu 14.04 LTS: poppler 0.24.5-2ubuntu4.9
