CVE-2017-2818 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-2818 Interim 1 19 2023-02-10T02:24:25Z current 2021-05-30T13:50:25Z 2023-02-10T02:24:25Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-2818 An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP3 LTSS SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP4-LTSS SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Software Bootstrap Kit 12 libpoppler-cpp0 libpoppler-devel libpoppler-glib-devel libpoppler-glib4 libpoppler-glib8 libpoppler-qt2 libpoppler-qt3-devel libpoppler-qt4-3 libpoppler-qt4-devel libpoppler44 libpoppler5 libpoppler60 poppler poppler-tools typelib-1_0-Poppler-0_18 poppler as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata poppler as a component of SUSE Linux Enterprise Server 11 SP3 LTSS poppler as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata libpoppler-glib4 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS libpoppler-qt4-3 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS libpoppler5 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS poppler-tools as a component of SUSE Linux Enterprise Server 11 SP4-LTSS poppler as a component of SUSE Linux Enterprise Server 11 SP4-LTSS libpoppler-glib8 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS libpoppler44 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS poppler-tools as a component of SUSE Linux Enterprise Server 12 SP1-LTSS poppler as a component of SUSE Linux Enterprise Server 12 SP1-LTSS libpoppler-glib8 as a component of SUSE Linux Enterprise Server 12 SP2 libpoppler44 as a component of SUSE Linux Enterprise Server 12 SP2 libpoppler60 as a component of SUSE Linux Enterprise Server 12 SP2 poppler-tools as a component of SUSE Linux Enterprise Server 12 SP2 poppler as a component of SUSE Linux Enterprise Server 12 SP2 libpoppler-glib8 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS libpoppler60 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS poppler-tools as a component of SUSE Linux Enterprise Server 12 SP4-LTSS poppler as a component of SUSE Linux Enterprise Server 12 SP4-LTSS libpoppler-glib8 as a component of SUSE Linux Enterprise Server 12-LTSS libpoppler44 as a component of SUSE Linux Enterprise Server 12-LTSS poppler-tools as a component of SUSE Linux Enterprise Server 12-LTSS poppler as a component of SUSE Linux Enterprise Server 12-LTSS poppler as a component of SUSE Linux Enterprise Software Bootstrap Kit 12 libpoppler-devel as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libpoppler-glib-devel as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libpoppler-qt2 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libpoppler-qt3-devel as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libpoppler-qt4-devel as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 poppler-tools as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 poppler as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libpoppler-cpp0 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2 libpoppler-devel as a component of SUSE Linux Enterprise Software Development Kit 12 SP2 libpoppler-glib-devel as a component of SUSE Linux Enterprise Software Development Kit 12 SP2 typelib-1_0-Poppler-0_18 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2 poppler as a component of SUSE Linux Enterprise Software Development Kit 12 SP2 An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability. CVE-2017-2818 SUSE Linux Enterprise Server 11 SP1 for Teradata:poppler SUSE Linux Enterprise Server 11 SP3 LTSS:poppler SUSE Linux Enterprise Server 11 SP3 for Teradata:poppler SUSE Linux Enterprise Server 11 SP4-LTSS:libpoppler-glib4 SUSE Linux Enterprise Server 11 SP4-LTSS:libpoppler-qt4-3 SUSE Linux Enterprise Server 11 SP4-LTSS:libpoppler5 SUSE Linux Enterprise Server 11 SP4-LTSS:poppler SUSE Linux Enterprise Server 11 SP4-LTSS:poppler-tools SUSE Linux Enterprise Server 12 SP1-LTSS:libpoppler-glib8 SUSE Linux Enterprise Server 12 SP1-LTSS:libpoppler44 SUSE Linux Enterprise Server 12 SP1-LTSS:poppler SUSE Linux Enterprise Server 12 SP1-LTSS:poppler-tools SUSE Linux Enterprise Server 12 SP2:libpoppler-glib8 SUSE Linux Enterprise Server 12 SP2:libpoppler44 SUSE Linux Enterprise Server 12 SP2:libpoppler60 SUSE Linux Enterprise Server 12 SP2:poppler SUSE Linux Enterprise Server 12 SP2:poppler-tools SUSE Linux Enterprise Server 12 SP4-LTSS:libpoppler-glib8 SUSE Linux Enterprise Server 12 SP4-LTSS:libpoppler60 SUSE Linux Enterprise Server 12 SP4-LTSS:poppler SUSE Linux Enterprise Server 12 SP4-LTSS:poppler-tools SUSE Linux Enterprise Server 12-LTSS:libpoppler-glib8 SUSE Linux Enterprise Server 12-LTSS:libpoppler44 SUSE Linux Enterprise Server 12-LTSS:poppler SUSE Linux Enterprise Server 12-LTSS:poppler-tools SUSE Linux Enterprise Software Bootstrap Kit 12:poppler SUSE Linux Enterprise Software Development Kit 11 SP4:libpoppler-devel SUSE Linux Enterprise Software Development Kit 11 SP4:libpoppler-glib-devel SUSE Linux Enterprise Software Development Kit 11 SP4:libpoppler-qt2 SUSE Linux Enterprise Software Development Kit 11 SP4:libpoppler-qt3-devel SUSE Linux Enterprise Software Development Kit 11 SP4:libpoppler-qt4-devel SUSE Linux Enterprise Software Development Kit 11 SP4:poppler SUSE Linux Enterprise Software Development Kit 11 SP4:poppler-tools SUSE Linux Enterprise Software Development Kit 12 SP2:libpoppler-cpp0 SUSE Linux Enterprise Software Development Kit 12 SP2:libpoppler-devel SUSE Linux Enterprise Software Development Kit 12 SP2:libpoppler-glib-devel SUSE Linux Enterprise Software Development Kit 12 SP2:poppler SUSE Linux Enterprise Software Development Kit 12 SP2:typelib-1_0-Poppler-0_18 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H