Poppler is prone to a denial-of-service vulnerability.
A remote attacker may exploit this issue to cause a denial-of-service condition; denying service to legitimate users.
Poppler 0.59.0 is vulnerable; other versions may also be affected.
Information
Redhat Enterprise Linux 6
Redhat Enterprise Linux 5
Oracle Solaris 11.4
freedesktop Poppler 0.59.0
Exploit
The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.
References:
- Poppler Homepage (Poppler)
- Bug 102687 - NULL pointer dereference vulnerability in poppler 0.59.0 (Freedesktop)
- Bug 1499162 CVE-2017-14517 poppler: NULL pointer dereference in the XRef::parseE (Redhat)
- CVE-2017-14517 (Redhat)
- DSA-4079-1 poppler -- security update (Debian)
- Oracle Solaris Third Party Bulletin - January 2019 (Oracle)