CVE Vulnerabilities

CVE-2017-14929

Loop with Unreachable Exit Condition ('Infinite Loop')

Published: Sep 30, 2017 | Modified: Oct 03, 2019
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
3.3 LOW
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Ubuntu
LOW

In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name Vendor Start Version End Version
Poppler Freedesktop 0.59.0 (including) 0.59.0 (including)
Poppler Ubuntu devel *
Poppler Ubuntu trusty *
Poppler Ubuntu xenial *
Poppler Ubuntu zesty *

References