CVE-2017-1000456

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-1000456

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000456.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-1000456

Downstream

DEBIAN-CVE-2017-1000456

DLA-1228-1

DSA-4097-1

SUSE-SU-2018:1662-1

SUSE-SU-2018:1691-1

SUSE-SU-2020:1626-1

UBUNTU-CVE-2017-1000456

USN-3517-1

Related

Published

2018-01-02T18:29:00.247Z

Modified

2026-03-19T12:30:47.061467Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.

References

Affected packages

Git / gitlab.freedesktop.org/poppler/poppler

Affected ranges

Type

GIT

Repo

https://gitlab.freedesktop.org/poppler/poppler

Events

Introduced

Last affected

f09a9923bb65755e183694c5f1be6af4a50e96e6

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.60.1"
        }
    ]
}

Affected versions

poppler-0.*

poppler-0.10.0

poppler-0.11.0

poppler-0.11.1

poppler-0.11.2

poppler-0.11.3

poppler-0.12.0

poppler-0.13.1

poppler-0.13.2

poppler-0.13.3

poppler-0.13.4

poppler-0.14.0

poppler-0.15.0

poppler-0.15.1

poppler-0.15.2

poppler-0.15.3

poppler-0.16.0

poppler-0.17.0

poppler-0.17.1

poppler-0.17.2

poppler-0.17.3

poppler-0.17.4

poppler-0.18.0

poppler-0.19.0

poppler-0.19.1

poppler-0.19.2

poppler-0.19.3

poppler-0.19.4

poppler-0.2.0

poppler-0.20.0

poppler-0.20.1

poppler-0.20.2

poppler-0.20.3

poppler-0.20.4

poppler-0.20.5

poppler-0.21.0

poppler-0.21.1

poppler-0.21.2

poppler-0.21.3

poppler-0.21.4

poppler-0.22.0

poppler-0.22.1

poppler-0.22.2

poppler-0.22.3

poppler-0.22.4

poppler-0.23.0

poppler-0.23.1

poppler-0.23.2

poppler-0.23.3

poppler-0.23.4

poppler-0.24.0

poppler-0.24.1

poppler-0.24.2

poppler-0.24.3

poppler-0.24.4

poppler-0.24.5

poppler-0.25.0

poppler-0.25.1

poppler-0.25.2

poppler-0.25.3

poppler-0.26.0

poppler-0.26.1

poppler-0.26.2

poppler-0.26.3

poppler-0.26.4

poppler-0.28.0

poppler-0.28.1

poppler-0.29.0

poppler-0.3.0

poppler-0.3.1

poppler-0.3.2

poppler-0.3.3

poppler-0.30.0

poppler-0.31.0

poppler-0.32.0

poppler-0.33.0

poppler-0.34.0

poppler-0.35.0

poppler-0.36

poppler-0.37

poppler-0.38.0

poppler-0.39

poppler-0.4.0

poppler-0.40.0

poppler-0.41.0

poppler-0.42.0

poppler-0.43

poppler-0.44

poppler-0.45

poppler-0.46

poppler-0.47

poppler-0.48

poppler-0.49

poppler-0.5.0

poppler-0.5.1

poppler-0.5.2

poppler-0.5.3

poppler-0.5.4

poppler-0.50

poppler-0.51

poppler-0.52

poppler-0.53

poppler-0.54

poppler-0.55

poppler-0.56

poppler-0.57

poppler-0.58

poppler-0.59

poppler-0.6.0

poppler-0.6.0.RC1

poppler-0.60

poppler-0.60.1

poppler-0.7.0

poppler-0.7.1

poppler-0.7.2

poppler-0.7.3

poppler-0.8.0

poppler-0.9.0

poppler-0.9.1

poppler-0.9.2

poppler-0.9.3

Other

poppler-before-fontconfig

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000456.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    }
]