cpe:/a:freedesktop:poppler:0.59.0 cpe:/o:debian:debian_linux:7.0 cpe:/o:debian:debian_linux:8.0 cpe:/o:debian:debian_linux:9.0 CVE-2017-14977 2017-10-01T21:29:00.657-04:00 2019-05-03T16:05:04.187-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2019-05-03T12:57:06.100-04:00 DEBIAN DSA-4079 MLIST [debian-lts-announce] 20171118 [SECURITY] [DLA 1177-1] poppler security update CONFIRM https://bugs.freedesktop.org/show_bug.cgi?id=103045 The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.