Vulnerability Details CVE-2017-9083
poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.5%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
Products affected by CVE-2017-9083
-
cpe:2.3:a:freedesktop:poppler:0.54.0