Fluid Attacks Database

Description

The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	poppler	>=0 <0.69.0-2	0.69.0-2
debian 13	poppler	>=0 <0.69.0-2	0.69.0-2
debian 11	poppler	>=0 <0.69.0-2	0.69.0-2
rpm rhel7	gspell	<0:1.6.1-1.el7	0:1.6.1-1.el7
rpm rhel7	gnome-keyring	<0:3.28.2-1.el7	0:3.28.2-1.el7
rpm rhel7	folks	<1:0.11.4-1.el7	1:0.11.4-1.el7
rpm rhel7	gnome-backgrounds	<0:3.28.0-1.el7	0:3.28.0-1.el7
rpm rhel7	empathy	<0:3.12.13-1.el7	0:3.12.13-1.el7
rpm rhel7	gdk-pixbuf2	<0:2.36.12-3.el7	0:2.36.12-3.el7
debian 12	poppler	>=0 <0.69.0-2	0.69.0-2

1-10 of 152

Aliases

1. CVE-2017-182672. NVD-2017-182673. OSV-DEBIAN-2017-182674. OSV-2017-182675. SECURITY-TRACKER-CVE-2017-18267

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.