CVE-2012-2142

Published: 09 January 2020

The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.

Priority

Low

CVSS 3 base score: 7.8

Status

Package Release Status
poppler
Launchpad, Ubuntu, Debian
Upstream
Released (0.24.0)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(0.24.0-0ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [0.24.0-0ubuntu1])
Patches:
Upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40
xpdf
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)

Notes

AuthorNote
jdstrand
per Debian, xpdf not affected
mdeslaur
needs a backport

References