CVE-2017-7511
medium
CVSS v3
5.5
CVSS v4 NEW
โ
VIR risk
5.5
Description
poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.
Predictions
Exploit likelihood
55%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | fixed | 0.57.0-2 |
| debian | bullseye | fixed | 0.57.0-2 |
| debian | forky | fixed | 0.57.0-2 |
| debian | sid | fixed | 0.57.0-2 |
| debian | trixie | fixed | 0.57.0-2 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| freedesktop | poppler | 0.17.3 | |
| freedesktop | poppler | 0.17.4 | |
| freedesktop | poppler | 0.18.0 | |
| freedesktop | poppler | 0.18.1 | |
| freedesktop | poppler | 0.18.2 | |
| freedesktop | poppler | 0.18.3 | |
| freedesktop | poppler | 0.18.4 | |
| freedesktop | poppler | 0.19.0 | |
| freedesktop | poppler | 0.19.1 | |
| freedesktop | poppler | 0.19.2 | |
| freedesktop | poppler | 0.19.3 | |
| freedesktop | poppler | 0.19.4 | |
| freedesktop | poppler | 0.20.0 | |
| freedesktop | poppler | 0.20.1 | |
| freedesktop | poppler | 0.20.2 | |
| freedesktop | poppler | 0.20.3 | |
| freedesktop | poppler | 0.20.4 | |
| freedesktop | poppler | 0.20.5 | |
| freedesktop | poppler | 0.21.0 | |
| freedesktop | poppler | 0.21.1 | |
| freedesktop | poppler | 0.21.2 | |
| freedesktop | poppler | 0.21.3 | |
| freedesktop | poppler | 0.21.4 | |
| freedesktop | poppler | 0.22.0 | |
| freedesktop | poppler | 0.22.1 | |
| freedesktop | poppler | 0.22.2 | |
| freedesktop | poppler | 0.22.3 | |
| freedesktop | poppler | 0.22.4 | |
| freedesktop | poppler | 0.22.5 | |
| freedesktop | poppler | 0.23.0 | |
| freedesktop | poppler | 0.23.1 | |
| freedesktop | poppler | 0.23.2 | |
| freedesktop | poppler | 0.23.3 | |
| freedesktop | poppler | 0.23.4 | |
| freedesktop | poppler | 0.24.0 | |
| freedesktop | poppler | 0.24.1 | |
| freedesktop | poppler | 0.24.2 | |
| freedesktop | poppler | 0.24.3 | |
| freedesktop | poppler | 0.24.4 | |
| freedesktop | poppler | 0.24.5 | |
| freedesktop | poppler | 0.25.0 | |
| freedesktop | poppler | 0.25.1 | |
| freedesktop | poppler | 0.25.2 | |
| freedesktop | poppler | 0.25.3 | |
| freedesktop | poppler | 0.26.0 | |
| freedesktop | poppler | 0.26.1 | |
| freedesktop | poppler | 0.26.2 | |
| freedesktop | poppler | 0.26.3 | |
| freedesktop | poppler | 0.26.4 | |
| freedesktop | poppler | 0.26.5 | |
| freedesktop | poppler | 0.28.0 | |
| freedesktop | poppler | 0.28.1 | |
| freedesktop | poppler | 0.29.0 | |
| freedesktop | poppler | 0.30.0 | |
| freedesktop | poppler | 0.31.0 | |
| freedesktop | poppler | 0.32.0 | |
| freedesktop | poppler | 0.33.0 | |
| freedesktop | poppler | 0.34.0 | |
| freedesktop | poppler | 0.35.0 | |
| freedesktop | poppler | 0.36.0 | |
| freedesktop | poppler | 0.37.0 | |
| freedesktop | poppler | 0.38.0 | |
| freedesktop | poppler | 0.39.0 | |
| freedesktop | poppler | 0.40.0 | |
| freedesktop | poppler | 0.41.0 | |
| freedesktop | poppler | 0.42.0 | |
| freedesktop | poppler | 0.43.0 | |
| freedesktop | poppler | 0.44.0 | |
| freedesktop | poppler | 0.45.0 | |
| freedesktop | poppler | 0.46.0 | |
| freedesktop | poppler | 0.47.0 | |
| freedesktop | poppler | 0.48.0 | |
| freedesktop | poppler | 0.49.0 | |
| freedesktop | poppler | 0.50.0 | |
| freedesktop | poppler | 0.51.0 | |
| freedesktop | poppler | 0.52.0 | |
| freedesktop | poppler | 0.53.0 | |
| freedesktop | poppler | 0.54.0 | |
| freedesktop | poppler | 0.55.0 | |
References
CWEs
CWE-476
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.