In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document
@maintainter(s), upstream resolved as fixed but I did not find patch @url. In case of stabilization, please call for it if needed, thank you.
Daj Uan (jmbailey)
Gentoo Security Padawan
This is fixed here: https://cgit.freedesktop.org/poppler/poppler/commit/?id=476394e7a025e02e4897da2e765df2c895d0708f
It's not yet in any release.
The bug has been referenced in the following commit(s):
Author: Andreas Sturmlechner <firstname.lastname@example.org>
AuthorDate: 2017-11-24 21:12:10 +0000
Commit: Andreas Sturmlechner <email@example.com>
CommitDate: 2017-11-24 23:06:21 +0000
app-text/poppler: Fix CVE-2017-14517
Package-Manager: Portage-2.3.16, Repoman-2.3.6
.../files/poppler-0.57.0-CVE-2017-14517.patch | 27 ++++
app-text/poppler/poppler-0.57.0-r1.ebuild | 148 +++++++++++++++++++++
2 files changed, 175 insertions(+)}
GLSA Vote: No
Tree is clean.