CVE-2017-9406 in Ubuntu

CVE-2017-9406

Priority

Description

In Poppler 0.54.0, a memory leak vulnerability was found in the function
gmalloc in gmem.cc, which allows attackers to cause a denial of service via
a crafted file.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406
https://usn.ubuntu.com/usn/usn-3350-1

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864010
https://bugs.freedesktop.org/show_bug.cgi?id=100775

Assigned-to

mdeslaur

Notes

Package

Source: poppler (LP Ubuntu Debian)

Upstream:	released (0.55)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was released [0.24.5-2ubuntu4.5])
Ubuntu 16.04 LTS (Xenial Xerus):	released (0.41.0-0ubuntu1.2)

Patches:

Upstream:

https://cgit.freedesktop.org/poppler/poppler/commit/?id=278439531b13b0b047dbe3a75aa3f1b3407c8bd4

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2020-03-18 22:50:48 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)