Candidate: CVE-2017-2818
PublicDate: 2017-07-12 17:29:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2818
 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-2818
Description:
 An exploitable heap overflow vulnerability exists in the image rendering
 functionality of Poppler 0.53.0. A specifically crafted PDF can cause an
 overly large number of color components during image rendering, resulting
 in heap corruption. An attacker controlled PDF file can be used to trigger
 this vulnerability.
Ubuntu-Description: 
Notes: 
 mdeslaur> Ubuntu packages build with system libjpeg, not internal library
Bugs: 
Priority: medium
Discovered-by: Lilith Wyatt
Assigned-to: 
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_poppler:
upstream_poppler: needs-triage
precise/esm_poppler: DNE
trusty_poppler: not-affected (uses system libjpeg)
trusty/esm_poppler: DNE (trusty was not-affected [uses system libjpeg])
vivid/ubuntu-core_poppler: DNE
xenial_poppler: not-affected (uses system libjpeg)
esm-infra/xenial_poppler: not-affected (uses system libjpeg)
yakkety_poppler: not-affected (uses system libjpeg)
zesty_poppler: not-affected (uses system libjpeg)
devel_poppler: not-affected (uses system libjpeg)