CVE-2013-1789
Published: 28 February 2013
splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions.
Notes
Author | Note |
---|---|
mdeslaur |
reproducers: 1031.pdf.asan.48.15, 1007.pdf.asan.48.4 |
Priority
Status
Package | Release | Status |
---|---|---|
poppler
Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(0.12.4-0ubuntu5.3)
|
|
oneiric |
Released
(0.16.7-2ubuntu2.1)
|
|
precise |
Released
(0.18.4-1ubuntu3.1)
|
|
quantal |
Released
(0.20.4-0ubuntu1.2)
|
|
upstream |
Released
(0.22.1)
|
|
Patches:
upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2 |