NULL Pointer Dereference Vulnerability in FoFiTrueType::getCFFBlock Function in Poppler 0.59.0

CVE-2017-14977 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.

Learn more about our Web Application Penetration Testing UK.