Poppler CVE-2017-14517 Denial of Service Vulnerability

Poppler is prone to a denial-of-service vulnerability.
A remote attacker may exploit this issue to cause a denial-of-service condition; denying service to legitimate users.
Poppler 0.59.0 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 105050
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-14517

Remote: Yes
Local: No
Published: Sep 17 2017 12:00AM
Updated: Jan 17 2019 10:00AM
Credit: Ziqiang Gu
Vulnerable: Redhat Enterprise Linux 7
Redhat Enterprise Linux 6
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Redhat Enterprise Linux 5
Oracle Solaris 11.4
freedesktop Poppler 0.59.0

Not Vulnerable:

Exploit

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

References:

• Poppler Homepage (Poppler)
  
• Bug 102687 - NULL pointer dereference vulnerability in poppler 0.59.0 (Freedesktop)
  
• Bug 1499162 CVE-2017-14517 poppler: NULL pointer dereference in the XRef::parseE (Redhat)
  
• CVE-2017-14517 (Redhat)
  
• DSA-4079-1 poppler -- security update (Debian)
  
• Oracle Solaris Third Party Bulletin - January 2019 (Oracle)
  

Source: www.securityfocus.com