1. Home
  2. CVE Database
  3. CVE-2015-8868
HIGH · 7.8

CVE-2015-8868

Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possi...

Vulnerability Description

Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
FedoraprojectFedora23
DebianDebian Linux8.0
CanonicalUbuntu Linux12.04
FreedesktopPoppler0.39.0

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2015-8868?

CVE-2015-8868 is a vulnerability with a CVSS score of 7.8 (HIGH). Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possi...

How severe is CVE-2015-8868?

CVE-2015-8868 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-8868?

Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Debian Debian Linux, Canonical Ubuntu Linux, Freedesktop Poppler.