Poppler CVE-2017-14517 Denial of Service Vulnerability

Bugtraq ID:	105050
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2017-14517
Remote:	Yes
Local:	No
Published:	Sep 17 2017 12:00AM
Updated:	Jan 17 2019 10:00AM
Credit:	Ziqiang Gu
Vulnerable:	Redhat Enterprise Linux 7 Redhat Enterprise Linux 6 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Redhat Enterprise Linux 5 Oracle Solaris 11.4 freedesktop Poppler 0.59.0
Not Vulnerable:

Poppler CVE-2017-14517 Denial of Service Vulnerability

Poppler is prone to a denial-of-service vulnerability.

A remote attacker may exploit this issue to cause a denial-of-service condition; denying service to legitimate users.

Poppler 0.59.0 is vulnerable; other versions may also be affected.

Poppler CVE-2017-14517 Denial of Service Vulnerability

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

Poppler CVE-2017-14517 Denial of Service Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Poppler CVE-2017-14517 Denial of Service Vulnerability

References:

• Poppler Homepage (Poppler)
  
• Bug 102687 - NULL pointer dereference vulnerability in poppler 0.59.0 (Freedesktop)
  
• Bug 1499162 CVE-2017-14517 poppler: NULL pointer dereference in the XRef::parseE (Redhat)
  
• CVE-2017-14517 (Redhat)
  
• DSA-4079-1 poppler -- security update (Debian)
  
• Oracle Solaris Third Party Bulletin - January 2019 (Oracle)