CVE-2017-7515
Ubuntu Security Notice USN-3350-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.
poppler hasta versión 0.55.0, es vulnerable a una recursión no controlada en pdfunite resultando en una potencial denegación de servicio.
Aleksandar Nikolic discovered that poppler incorrectly handled JPEG 2000 images. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. Jiaqi Peng discovered that the poppler pdfunite tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-04-05 CVE Reserved
- 2017-06-06 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-674: Uncontrolled Recursion
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugs.freedesktop.org/show_bug.cgi?id=101208 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Freedesktop Search vendor "Freedesktop" | Poppler Search vendor "Freedesktop" for product "Poppler" | <= 0.55.0 Search vendor "Freedesktop" for product "Poppler" and version " <= 0.55.0" | - |
Affected
| ||||||