CVE-2013-1789
Published: 28 February 2013
splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions.
Priority
Status
Package | Release | Status |
---|---|---|
poppler Launchpad, Ubuntu, Debian |
Upstream |
Released
(0.22.1)
|
Patches: Upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec Upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2 |
Notes
Author | Note |
---|---|
mdeslaur | reproducers: 1031.pdf.asan.48.15, 1007.pdf.asan.48.4 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1789
- http://www.openwall.com/lists/oss-security/2013/02/28/4
- http://www.openwall.com/lists/oss-security/2013/02/28/8
- http://j00ru.vexillium.org/?p=1507
- https://usn.ubuntu.com/usn/usn-1785-1
- NVD
- Launchpad
- Debian