Lucene search

[email protected]NVD:CVE-2013-7296

HistoryJan 26, 2014 - 1:55 a.m.

CVE-2013-7296

2014-01-2601:55:13

CWE-119

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.1 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.2%

JSON

The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file.

Affected configurations

NVD

Node

freedesktoppopplerRange≤0.24.3

freedesktoppopplerMatch0.1

freedesktoppopplerMatch0.1.1

freedesktoppopplerMatch0.1.2

freedesktoppopplerMatch0.2.0

freedesktoppopplerMatch0.10.0

freedesktoppopplerMatch0.10.1

freedesktoppopplerMatch0.10.2

freedesktoppopplerMatch0.10.3

freedesktoppopplerMatch0.10.4

freedesktoppopplerMatch0.10.5

freedesktoppopplerMatch0.10.6

freedesktoppopplerMatch0.10.7

freedesktoppopplerMatch0.11.0

freedesktoppopplerMatch0.11.1

freedesktoppopplerMatch0.11.2

freedesktoppopplerMatch0.11.3

freedesktoppopplerMatch0.12.0

freedesktoppopplerMatch0.12.1

freedesktoppopplerMatch0.12.2

freedesktoppopplerMatch0.12.3

freedesktoppopplerMatch0.12.4

freedesktoppopplerMatch0.13.0

freedesktoppopplerMatch0.13.1

freedesktoppopplerMatch0.13.2

freedesktoppopplerMatch0.13.3

freedesktoppopplerMatch0.13.4

freedesktoppopplerMatch0.14.0

freedesktoppopplerMatch0.14.1

freedesktoppopplerMatch0.14.2

freedesktoppopplerMatch0.14.3

freedesktoppopplerMatch0.14.4

freedesktoppopplerMatch0.14.5

freedesktoppopplerMatch0.15.0

freedesktoppopplerMatch0.15.1

freedesktoppopplerMatch0.15.2

freedesktoppopplerMatch0.15.3

freedesktoppopplerMatch0.16.0

freedesktoppopplerMatch0.16.1

freedesktoppopplerMatch0.16.2

freedesktoppopplerMatch0.16.3

freedesktoppopplerMatch0.16.4

freedesktoppopplerMatch0.16.5

freedesktoppopplerMatch0.16.6

freedesktoppopplerMatch0.16.7

freedesktoppopplerMatch0.17.0

freedesktoppopplerMatch0.17.1

freedesktoppopplerMatch0.17.2

freedesktoppopplerMatch0.17.3

freedesktoppopplerMatch0.17.4

freedesktoppopplerMatch0.18.0

freedesktoppopplerMatch0.18.1

freedesktoppopplerMatch0.18.2

freedesktoppopplerMatch0.18.3

freedesktoppopplerMatch0.18.4

freedesktoppopplerMatch0.19.0

freedesktoppopplerMatch0.19.1

freedesktoppopplerMatch0.19.2

freedesktoppopplerMatch0.19.3

freedesktoppopplerMatch0.19.4

freedesktoppopplerMatch0.20.0

freedesktoppopplerMatch0.20.1

freedesktoppopplerMatch0.20.2

freedesktoppopplerMatch0.20.3

freedesktoppopplerMatch0.20.4

freedesktoppopplerMatch0.20.5

freedesktoppopplerMatch0.21.0

freedesktoppopplerMatch0.21.1

freedesktoppopplerMatch0.21.2

freedesktoppopplerMatch0.21.3

freedesktoppopplerMatch0.21.4

freedesktoppopplerMatch0.22.0

freedesktoppopplerMatch0.22.1

freedesktoppopplerMatch0.22.2

freedesktoppopplerMatch0.22.3

freedesktoppopplerMatch0.22.4

freedesktoppopplerMatch0.23.0

freedesktoppopplerMatch0.23.1

freedesktoppopplerMatch0.23.2

freedesktoppopplerMatch0.23.3

freedesktoppopplerMatch0.23.4

freedesktoppopplerMatch0.24.0

freedesktoppopplerMatch0.24.1

freedesktoppopplerMatch0.24.2

References

cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee39370283c494ee2e4e392fd3b684

lists.fedoraproject.org/pipermail/package-announce/2014-January/125710.html

seclists.org/oss-sec/2014/q1/105

seclists.org/oss-sec/2014/q1/97

secunia.com/advisories/56567

secunia.com/advisories/56776

security.gentoo.org/glsa/glsa-201401-21.xml

bugzilla.redhat.com/show_bug.cgi?id=1048199

exchange.xforce.ibmcloud.com/vulnerabilities/90552

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.1 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.2%

JSON

Related for NVD:CVE-2013-7296

nessus3 ubuntucve1 prion1 cvelist1 cve1 debiancve1 openvas1 gentoo1