Your submission was sent successfully! Close

CVE-2013-1789

Published: 28 February 2013

splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions.

Notes

AuthorNote
mdeslaur
reproducers: 1031.pdf.asan.48.15, 1007.pdf.asan.48.4
Priority

Low

Status

Package Release Status
poppler
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid
Released (0.12.4-0ubuntu5.3)
oneiric
Released (0.16.7-2ubuntu2.1)
precise
Released (0.18.4-1ubuntu3.1)
quantal
Released (0.20.4-0ubuntu1.2)
upstream
Released (0.22.1)
Patches:
upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec
upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2