1
PublicDateAtUSN: 2017-07-07
2
Candidate: CVE-2017-2820
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2820
6
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0321
7
https://usn.ubuntu.com/usn/usn-3350-1
9
An exploitable integer overflow vulnerability exists in the JPEG 2000 image
10
parsing functionality of freedesktop.org Poppler 0.53.0. A specially
11
crafted PDF file can lead to an integer overflow causing out of bounds
12
memory overwrite on the heap resulting in potential arbitrary code
13
execution. To trigger this vulnerability, a victim must open the malicious
14
PDF in an application using this library.
17
mdeslaur> contrary to Debian, Ubuntu uses the internal JPEG 2000 library
18
mdeslaur> as openjpeg has not been approved for main inclusion
21
Discovered-by: Aleksandar Nikolic
25
upstream_poppler: needs-triage
26
precise/esm_poppler: DNE
27
trusty_poppler: released (0.24.5-2ubuntu4.5)
28
vivid/ubuntu-core_poppler: DNE
29
xenial_poppler: released (0.41.0-0ubuntu1.2)
30
yakkety_poppler: released (0.44.0-3ubuntu2.1)
31
zesty_poppler: released (0.48.0-2ubuntu2.1)
32
devel_poppler: released (0.48.0-2ubuntu3)