CVE-2012-2142
published 2020-01-09CVE-2012-2142: The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | poppler | < poppler 0.18.4-7 (bookworm) | poppler 0.18.4-7 (bookworm) |
| debian | xpdf | < poppler 0.18.4-7 (bookworm) | poppler 0.18.4-7 (bookworm) |
| freedesktop | poppler | < 0.21.4 | 0.21.4 |
| freedesktop | poppler | >= 0 < 0.18.4-7 | 0.18.4-7 |
| freedesktop | poppler | >= 0 < 0.18.4-7 | 0.18.4-7 |
| freedesktop | poppler | >= 0 < 0.18.4-7 | 0.18.4-7 |
| freedesktop | poppler | >= 0 < 0.18.4-7 | 0.18.4-7 |
| opensuse | opensuse | — | — |
| poppler | poppler | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| xpdfreader | xpdf | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH