6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.016 Low
EPSS
Percentile
87.3%
poppler before 0.22.1 allows context-dependent attackers to cause a denial
of service (crash) and possibly execute arbitrary code via vectors that
trigger an “invalid memory access” in (1) splash/Splash.cc, (2)
poppler/Function.cc, and (3) poppler/Stream.cc.
Author | Note |
---|---|
mdeslaur | reproducers: 1150.pdf.asan.8.69, 2030.pdf.asan.69.463, 1091.pdf.asan.72.42, 1036.pdf.asan.23.17 |
j00ru.vexillium.org/?p=1507
www.openwall.com/lists/oss-security/2013/02/28/8
www.openwall.com/lists/oss-security/2013/02/28/8
launchpad.net/bugs/cve/CVE-2013-1788
nvd.nist.gov/vuln/detail/CVE-2013-1788
security-tracker.debian.org/tracker/CVE-2013-1788
ubuntu.com/security/notices/USN-1785-1
www.cve.org/CVERecord?id=CVE-2013-1788