CVE-2013-1788
Published: 28 February 2013
poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.
Notes
Author | Note |
---|---|
mdeslaur | reproducers: 1150.pdf.asan.8.69, 2030.pdf.asan.69.463, 1091.pdf.asan.72.42, 1036.pdf.asan.23.17 |
Priority
Status
Package | Release | Status |
---|---|---|
poppler Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(0.12.4-0ubuntu5.3)
|
|
oneiric |
Released
(0.16.7-2ubuntu2.1)
|
|
precise |
Released
(0.18.4-1ubuntu3.1)
|
|
quantal |
Released
(0.20.4-0ubuntu1.2)
|
|
upstream |
Released
(0.22.1)
|
|
Patches: upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=d0df8e54512f584ca2b3edbae1c19e167948e5c3 upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=8b6dc55e530b2f5ede6b9dfb64aafdd1d5836492 upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=e14b6e9c13d35c9bd1e0c50906ace8e707816888 upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=0388837f01bc467045164f9ddaff787000a8caaa upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=957aa252912cde85d76c41e9710b33425a82b696 upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=bbc2d8918fe234b7ef2c480eb148943922cc0959 |