CVE-2013-1788

Published: 28 February 2013

poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.

Priority

Medium

Status

Package Release Status
poppler
Launchpad, Ubuntu, Debian 		Upstream
Released (0.22.1)
Patches:
Upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=d0df8e54512f584ca2b3edbae1c19e167948e5c3 (bp)
Upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=8b6dc55e530b2f5ede6b9dfb64aafdd1d5836492
Upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=e14b6e9c13d35c9bd1e0c50906ace8e707816888
Upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=0388837f01bc467045164f9ddaff787000a8caaa
Upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=957aa252912cde85d76c41e9710b33425a82b696
Upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=bbc2d8918fe234b7ef2c480eb148943922cc0959

Notes

AuthorNote
mdeslaur 
reproducers: 1150.pdf.asan.8.69, 2030.pdf.asan.69.463,
1091.pdf.asan.72.42, 1036.pdf.asan.23.17

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading