Poppler CVE-2017-7515 Denial of Service Vulnerability

Bugtraq ID:	105018
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2017-7515
Remote:	Yes
Local:	No
Published:	May 27 2017 12:00AM
Updated:	May 27 2017 12:00AM
Credit:	Jiaqi Peng
Vulnerable:	Redhat Enterprise Linux 7 Redhat Enterprise Linux 6 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Redhat Enterprise Linux 5 Poppler poppler 0.24.3 Poppler poppler 0.12.4 Poppler poppler 0.12 Poppler poppler 0.10.6 Poppler poppler 0.10.4 Poppler poppler 0.10.3 Poppler poppler 0.8.4 Poppler poppler 0.5.4 Poppler poppler 0.5.3 Poppler poppler 0.5.1 Poppler poppler 0.4.5 Poppler poppler 0.4.2 Poppler poppler 0.4.1 Poppler poppler 0.3.2 Poppler poppler 0.55.0 Poppler poppler 0.53.0 Poppler poppler 0.40.0 Poppler poppler 0.24.2 Poppler poppler 0.22.1 Poppler poppler 0.22.0 Poppler poppler 0.14.3 Poppler poppler 0.13.3 Poppler poppler 0.13.2 Poppler poppler 0
Not Vulnerable:

Poppler CVE-2017-7515 Denial of Service Vulnerability

Poppler is prone to a denial-of-service vulnerability.

A remote attacker may exploit this issue to cause a denial-of-service condition; denying service to legitimate users.

Poppler 0.55.0 and prior versions are vulnerable.

Poppler CVE-2017-7515 Denial of Service Vulnerability

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

Poppler CVE-2017-7515 Denial of Service Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Poppler CVE-2017-7515 Denial of Service Vulnerability

References:

• CVE-2017-7515 (Red Hat)
  
• Poppler Homepage (Poppler)
  
• [pdfunite] crash due to a recursive call of two functions that exhausts the call ()
  
• CVE-2017-7515 poppler: Stack exhaustion due to infinite recursive call in pdfuni (Bugzilla)