Lucene search
HistoryNov 23, 2013 - 11:55 a.m.
CVE-2013-4473
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.1 High
AI Score
Confidence
High
0.064 Low
EPSS
Percentile
93.7%
Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.
Affected configurations
Node
freedesktoppopplerRange≤0.24.1
ORfreedesktoppopplerMatch0.1
ORfreedesktoppopplerMatch0.1.1
ORfreedesktoppopplerMatch0.1.2
ORfreedesktoppopplerMatch0.2.0
ORfreedesktoppopplerMatch0.3.0
ORfreedesktoppopplerMatch0.3.1
ORfreedesktoppopplerMatch0.3.2
ORfreedesktoppopplerMatch0.3.3
ORfreedesktoppopplerMatch0.4.0
ORfreedesktoppopplerMatch0.4.1
ORfreedesktoppopplerMatch0.4.2
ORfreedesktoppopplerMatch0.4.3
ORfreedesktoppopplerMatch0.4.4
ORfreedesktoppopplerMatch0.5.0
ORfreedesktoppopplerMatch0.5.1
ORfreedesktoppopplerMatch0.5.2
ORfreedesktoppopplerMatch0.5.3
ORfreedesktoppopplerMatch0.5.4
ORfreedesktoppopplerMatch0.5.9
ORfreedesktoppopplerMatch0.5.90
ORfreedesktoppopplerMatch0.5.91
ORfreedesktoppopplerMatch0.6.0
ORfreedesktoppopplerMatch0.6.1
ORfreedesktoppopplerMatch0.6.2
ORfreedesktoppopplerMatch0.6.3
ORfreedesktoppopplerMatch0.6.4
ORfreedesktoppopplerMatch0.7.0
ORfreedesktoppopplerMatch0.7.1
ORfreedesktoppopplerMatch0.7.2
ORfreedesktoppopplerMatch0.7.3
ORfreedesktoppopplerMatch0.8.0
ORfreedesktoppopplerMatch0.8.1
ORfreedesktoppopplerMatch0.8.2
ORfreedesktoppopplerMatch0.8.3
ORfreedesktoppopplerMatch0.8.4
ORfreedesktoppopplerMatch0.8.5
ORfreedesktoppopplerMatch0.8.6
ORfreedesktoppopplerMatch0.8.7
ORfreedesktoppopplerMatch0.9.0
ORfreedesktoppopplerMatch0.9.1
ORfreedesktoppopplerMatch0.9.2
ORfreedesktoppopplerMatch0.9.3
ORfreedesktoppopplerMatch0.10.0
ORfreedesktoppopplerMatch0.10.1
ORfreedesktoppopplerMatch0.10.2
ORfreedesktoppopplerMatch0.10.3
ORfreedesktoppopplerMatch0.10.4
ORfreedesktoppopplerMatch0.10.5
ORfreedesktoppopplerMatch0.10.6
ORfreedesktoppopplerMatch0.10.7
ORfreedesktoppopplerMatch0.11.0
ORfreedesktoppopplerMatch0.11.1
ORfreedesktoppopplerMatch0.11.2
ORfreedesktoppopplerMatch0.11.3
ORfreedesktoppopplerMatch0.12.0
ORfreedesktoppopplerMatch0.12.1
ORfreedesktoppopplerMatch0.12.2
ORfreedesktoppopplerMatch0.12.3
ORfreedesktoppopplerMatch0.12.4
ORfreedesktoppopplerMatch0.13.0
ORfreedesktoppopplerMatch0.13.1
ORfreedesktoppopplerMatch0.13.2
ORfreedesktoppopplerMatch0.13.3
ORfreedesktoppopplerMatch0.13.4
ORfreedesktoppopplerMatch0.14.0
ORfreedesktoppopplerMatch0.14.1
ORfreedesktoppopplerMatch0.14.2
ORfreedesktoppopplerMatch0.14.3
ORfreedesktoppopplerMatch0.14.4
ORfreedesktoppopplerMatch0.14.5
ORfreedesktoppopplerMatch0.15.0
ORfreedesktoppopplerMatch0.15.1
ORfreedesktoppopplerMatch0.15.2
ORfreedesktoppopplerMatch0.15.3
ORfreedesktoppopplerMatch0.16.0
ORfreedesktoppopplerMatch0.16.1
ORfreedesktoppopplerMatch0.16.2
ORfreedesktoppopplerMatch0.16.3
ORfreedesktoppopplerMatch0.16.4
ORfreedesktoppopplerMatch0.16.5
ORfreedesktoppopplerMatch0.16.6
ORfreedesktoppopplerMatch0.16.7
ORfreedesktoppopplerMatch0.17.0
ORfreedesktoppopplerMatch0.17.1
ORfreedesktoppopplerMatch0.17.2
ORfreedesktoppopplerMatch0.17.3
ORfreedesktoppopplerMatch0.17.4
ORfreedesktoppopplerMatch0.18.0
ORfreedesktoppopplerMatch0.18.1
ORfreedesktoppopplerMatch0.18.2
ORfreedesktoppopplerMatch0.18.3
ORfreedesktoppopplerMatch0.18.4
ORfreedesktoppopplerMatch0.19.0
ORfreedesktoppopplerMatch0.19.1
ORfreedesktoppopplerMatch0.19.2
ORfreedesktoppopplerMatch0.19.3
ORfreedesktoppopplerMatch0.19.4
ORfreedesktoppopplerMatch0.20.0
ORfreedesktoppopplerMatch0.20.1
ORfreedesktoppopplerMatch0.20.2
ORfreedesktoppopplerMatch0.20.3
ORfreedesktoppopplerMatch0.20.4
ORfreedesktoppopplerMatch0.20.5
ORfreedesktoppopplerMatch0.21.0
ORfreedesktoppopplerMatch0.21.1
ORfreedesktoppopplerMatch0.21.2
ORfreedesktoppopplerMatch0.21.3
ORfreedesktoppopplerMatch0.21.4
ORfreedesktoppopplerMatch0.22.0
ORfreedesktoppopplerMatch0.22.1
ORfreedesktoppopplerMatch0.22.2
ORfreedesktoppopplerMatch0.22.3
ORfreedesktoppopplerMatch0.22.4
ORfreedesktoppopplerMatch0.23.0
ORfreedesktoppopplerMatch0.23.1
ORfreedesktoppopplerMatch0.23.2
ORfreedesktoppopplerMatch0.23.3
ORfreedesktoppopplerMatch0.23.4
ORfreedesktoppopplerMatch0.24.0
Node
canonicalubuntu_linuxMatch12.04lts
ORcanonicalubuntu_linuxMatch14.04lts
ORcanonicalubuntu_linuxMatch15.10
References
bugs.debian.org/723124
cgit.freedesktop.org/poppler/poppler/commit/utils/pdfseparate.cc?id=b8682d868ddf7f741e93b
cgit.freedesktop.org/poppler/poppler/tree/NEWS
secunia.com/advisories/56567
security.gentoo.org/glsa/glsa-201401-21.xml
www.openwall.com/lists/oss-security/2013/10/29/1
www.securityfocus.com/bid/63368
www.ubuntu.com/usn/USN-2958-1
bugs.freedesktop.org/show_bug.cgi?id=69434
Related
cve
cve
CVE-2013-4473
2013-11-23 11:55:04
debiancve
debiancve
CVE-2013-4473
2013-11-23 11:55:04
prion
prion
Stack overflow
2013-11-23 11:55:00
f5
f5
SOL81732330 - Poppler vulnerability CVE-2013-4473
2016-07-05 00:00:00
K81732330 : Poppler vulnerability CVE-2013-4473
2016-07-05 00:00:00
ubuntucve
ubuntucve
CVE-2013-4473
2013-11-23 00:00:00
cvelist
cvelist
CVE-2013-4473
2013-11-23 11:00:00
nessus
nessus
Fedora 18 : poppler-0.20.2-17.fc18 (2013-20410)
2013-11-18 00:00:00
Fedora 19 : poppler-0.22.1-5.fc19 (2013-20443)
2013-11-11 00:00:00
Mandriva Linux Security Advisory : poppler (MDVSA-2013:272)
2013-11-22 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: poppler-0.22.1-5.fc19
2013-11-11 02:25:06
[SECURITY] Fedora 18 Update: poppler-0.20.2-17.fc18
2013-11-16 07:15:50
securityvulns
securityvulns
[ MDVSA-2013:272 ] poppler
2013-11-26 00:00:00
poppler security vulnerabilities
2013-11-26 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2013-0332)
2022-01-28 00:00:00
Fedora Update for poppler FEDORA-2013-20443
2013-11-18 00:00:00
Fedora Update for poppler FEDORA-2013-20443
2013-11-18 00:00:00
mageia
mageia
Updated poppler packages fix multiple vulnerabilities
2013-11-21 00:28:35
ubuntu
ubuntu
poppler vulnerabilities
2016-05-02 00:00:00
gentoo
gentoo
Poppler: Multiple vulnerabilities
2014-01-21 00:00:00
debian
debian
[SECURITY] [DLA 1074-1] poppler security update
2017-08-29 16:56:46
osv
osv
poppler - security update
2017-08-29 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.1 High
AI Score
Confidence
High
0.064 Low
EPSS
Percentile
93.7%
Related for NVD:CVE-2013-4473