Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2013-1788

Published: 28 February 2013

poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.

Notes

AuthorNote
mdeslaur
reproducers: 1150.pdf.asan.8.69, 2030.pdf.asan.69.463,
1091.pdf.asan.72.42, 1036.pdf.asan.23.17

Priority

Medium