CVE-2017-2820
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library.
Se presenta una vulnerabilidad de desbordamiento de enteros explotable en la funcionalidad de análisis de imágenes JPEG 2000 de freedesktop.org de Poppler versión 0.53.0. Un archivo PDF especialmente creado puede conllevar a un desbordamiento de enteros causando una sobreescritura de memoria fuera de límites en la pila, resultando en una potencial ejecución de código arbitraria. Para desencadenar esta vulnerabilidad, una víctima necesita abrir el PDF malicioso en una aplicación usando esta biblioteca.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-01 CVE Reserved
- 2017-07-07 CVE Published
- 2024-02-12 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/99497 | Broken Link |
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2017-0321 | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Freedesktop Search vendor "Freedesktop" | Poppler Search vendor "Freedesktop" for product "Poppler" | 0.53.0 Search vendor "Freedesktop" for product "Poppler" and version "0.53.0" | - |
Affected
| ||||||