DEBIAN-CVE-2017-2814

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2017-2814

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2017-2814.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2017-2814

Upstream

CVE-2017-2814

Published

2017-07-12T17:29:00.467Z

Modified

2026-03-17T02:45:06.616966Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability.

References

https://security-tracker.debian.org/tracker/CVE-2017-2814

Affected packages

Debian:11 / poppler

Package

Name: poppler
Purl: pkg:deb/debian/poppler?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

20.*

20.09.0-3.1

20.09.0-3.1+deb11u1

20.09.0-3.1+deb11u2

21.*

21.02.0-1

21.06.0-1

21.06.1-1

21.11.0-1

22.*

22.02.0-1

22.02.0-2

22.02.0-3

22.06.0-1

22.08.0-1

22.08.0-2

22.08.0-2.1

22.11.0-1

22.12.0-1

22.12.0-2

22.12.0-2.1

22.12.0-2.2

23.*

23.08.0-1

23.08.0-2

23.12.0-1

24.*

24.02.0-1

24.02.0-2

24.02.0-3

24.02.0-4

24.02.0-5

24.02.0-5+loong64

24.06.0-1

24.06.0-2

24.08.0-1

24.08.0-2

24.08.0-3

24.08.0-4

25.*

25.01.0-1

25.01.0-2

25.01.0-3

25.01.0-4

25.01.0-5

25.03.0-1

25.03.0-2

25.03.0-3

25.03.0-4

25.03.0-5

25.03.0-6

25.03.0-7

25.03.0-9

25.03.0-10

25.03.0-11

25.03.0-11.1

26.*

26.01.0-1

26.01.0-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2017-2814.json"

Debian:12 / poppler

Package

Name: poppler
Purl: pkg:deb/debian/poppler?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

22.*

22.12.0-2

22.12.0-2+deb12u1

22.12.0-2.1

22.12.0-2.2

23.*

23.08.0-1

23.08.0-2

23.12.0-1

24.*

24.02.0-1

24.02.0-2

24.02.0-3

24.02.0-4

24.02.0-5

24.02.0-5+loong64

24.06.0-1

24.06.0-2

24.08.0-1

24.08.0-2

24.08.0-3

24.08.0-4

25.*

25.01.0-1

25.01.0-2

25.01.0-3

25.01.0-4

25.01.0-5

25.03.0-1

25.03.0-2

25.03.0-3

25.03.0-4

25.03.0-5

25.03.0-6

25.03.0-7

25.03.0-9

25.03.0-10

25.03.0-11

25.03.0-11.1

26.*

26.01.0-1

26.01.0-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2017-2814.json"

Debian:13 / poppler

Package

Name: poppler
Purl: pkg:deb/debian/poppler?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

25.*

25.03.0-5

25.03.0-5+deb13u2

25.03.0-6

25.03.0-7

25.03.0-9

25.03.0-10

25.03.0-11

25.03.0-11.1

26.*

26.01.0-1

26.01.0-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2017-2814.json"

Debian:14 / poppler

Package

Name: poppler
Purl: pkg:deb/debian/poppler?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

25.*

25.03.0-5

25.03.0-6

25.03.0-7

25.03.0-9

25.03.0-10

25.03.0-11

25.03.0-11.1

26.*

26.01.0-1

26.01.0-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2017-2814.json"