High severity · 7.8 · NVD Advisory · Published May 6, 2016 · Updated May 6, 2026
CVE-2015-8868
Description
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.
Affected products
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.39.0:*:*:*:*:*:*:*
References
- lists.fedoraproject.org/pipermail/package-announce/2016-April/183107.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2016-April/183142.html (nvd)
- lists.opensuse.org/opensuse-updates/2016-05/msg00068.html (nvd)
- lists.opensuse.org/opensuse-updates/2016-06/msg00077.html (nvd)
- rhn.redhat.com/errata/RHSA-2016-2580.html (nvd)
- www.debian.org/security/2016/dsa-3563 (nvd)
- www.openwall.com/lists/oss-security/2016/04/12/1 (nvd)
- www.securityfocus.com/bid/89324 (nvd)
- www.ubuntu.com/usn/USN-2958-1 (nvd)
- bugs.freedesktop.org/show_bug.cgi (nvd)
- cgit.freedesktop.org/poppler/poppler/commit/ (nvd)
- poppler.freedesktop.org/releases.html (nvd)
- security.gentoo.org/glsa/201611-15 (nvd)