Heap-based Buffer Over-read Vulnerability in FoFiType1C::convertToType0 Function in Poppler 0.59.0

Heap-based Buffer Over-read Vulnerability in FoFiType1C::convertToType0 Function in Poppler 0.59.0

CVE-2017-14976 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.

Learn more about our Web Application Penetration Testing UK.