CVE-2013-1788
Published: 28 February 2013
poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.
Priority
Status
Notes
Author | Note |
---|---|
mdeslaur | reproducers: 1150.pdf.asan.8.69, 2030.pdf.asan.69.463, 1091.pdf.asan.72.42, 1036.pdf.asan.23.17 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1788
- http://www.openwall.com/lists/oss-security/2013/02/28/8
- http://www.openwall.com/lists/oss-security/2013/02/28/8
- http://j00ru.vexillium.org/?p=1507
- https://usn.ubuntu.com/usn/usn-1785-1
- NVD
- Launchpad
- Debian