CVE-2013-1788
Published 2013-04-09
Priority P431 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 3.87% (88.9th percentile)
poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | poppler | < poppler 0.18.4-6 (bookworm) | poppler 0.18.4-6 (bookworm) |
| freedesktop | poppler | <= 0.22.0 | — |
| freedesktop | poppler | >= 0 < 0.18.4-6 | 0.18.4-6 |
| freedesktop | poppler | >= 0 < 0.18.4-6 | 0.18.4-6 |
| freedesktop | poppler | >= 0 < 0.18.4-6 | 0.18.4-6 |
| freedesktop | poppler | >= 0 < 0.18.4-6 | 0.18.4-6 |
CVSS provenance
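| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 6.8 | MEDIUM | |
| vendor_debian | | 6.8 | LOW | |
| vendor_redhat | | 6.8 | MEDIUM | |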
Ubuntu
poppler vulnerabilities
vendor_ubuntu·2013-04-02
CVE-2013-1788 poppler vulnerabilities
Title: poppler vulnerabilities
Summary: Applications using poppler could be made to crash or possibly run programs
as your login if they opened a specially crafted file.
It was discovered that poppler contained multiple security issues when
parsing malformed PDF documents. If a user or automated system were tricked
into opening a crafted PDF file, an attacker could cause a denial of
service or possibly execute arbitrary code with privileges of the user
invoking the program.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
poppler: multiple invalid memory access flaws
vendor_redhat·2013-01-10·CVSS 6.8
CVE-2013-1788 [MEDIUM] poppler: multiple invalid memory access flaws
poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: poppler (Red Hat Enterprise Linux 5) - Will not fix
Package: poppler (Red Hat Enterprise Linux 6) - Will not fix
Debian
CVE-2013-1788: poppler - poppler before 0.22.1 allows context-dependent attackers to cause a denial of se...
vendor_debian·2013·CVSS 6.8
CVE-2013-1788 [MEDIUM] CVE-2013-1788: poppler - poppler before 0.22.1 allows context-dependent attackers to cause a denial of se...
poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.
Scope: local
bookworm: resolved (fixed in 0.18.4-6)
bullseye: resolved (fixed in 0.18.4-6)
forky: resolved (fixed in 0.18.4-6)
sid: resolved (fixed in 0.18.4-6)
trixie: resolved (fixed in 0.18.4-6)
GHSA
GHSA-frv4-v4xv-9gmp: poppler before 0
ghsa_unreviewed·2022-05-17
CVE-2013-1788 [MEDIUM] CWE-119 GHSA-frv4-v4xv-9gmp: poppler before 0
poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.
OSV
CVE-2013-1788: poppler before 0
osv·2013-04-09·CVSS 6.8
CVE-2013-1788 [MEDIUM] CVE-2013-1788: poppler before 0
poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-1788 CVE-2013-1789 CVE-2013-1790 poppler various flaws [fedora-all]
bugzilla·2013-03-01·CVSS 6.8
CVE-2013-1788 [MEDIUM] CVE-2013-1788 CVE-2013-1789 CVE-2013-1790 poppler various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affe
Bugzilla
CVE-2013-1788 poppler: multiple invalid memory access flaws
bugzilla·2013-03-01·CVSS 6.8
CVE-2013-1788 [MEDIUM] CVE-2013-1788 poppler: multiple invalid memory access flaws
A number of invalid memory access flaws were reported in poppler (fixed in version 0.22.1):
- Fix invalid memory access in 1150.pdf.asan.8.69 [1].
- Fix invalid memory access in 2030.pdf.asan.69.463 [2].
- Fix another invalid memory access in 1091.pdf.asan.72.42 [3].
- Fix invalid memory accesses in 1091.pdf.asan.72.42 [4].
- Fix invalid memory accesses in 1036.pdf.asan.23.17 [5].
[1] http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=8b6dc55e530b2f5ede6b9dfb64aafdd1d5836492
[2] http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=e14b6e9c13d35c9bd1e0c50906ace8e707816888
[3] http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=0388837f01bc467045164f9ddaff787000a8caaa
[4] http
- http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=0388837f01bc467045164f9ddaff787000a8caaa
- http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=8b6dc55e530b2f5ede6b9dfb64aafdd1d5836492
- http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=957aa252912cde85d76c41e9710b33425a82b696
- http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=bbc2d8918fe234b7ef2c480eb148943922cc0959
- http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=e14b6e9c13d35c9bd1e0c50906ace8e707816888
- http://j00ru.vexillium.org/?p=1507
- http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html
- http://secunia.com/advisories/52846
- http://ubuntu.com/usn/usn-1785-1
- http://www.debian.org/security/2013/dsa-2719
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:143
- http://www.openwall.com/lists/oss-security/2013/02/28/4
- http://www.openwall.com/lists/oss-security/2013/02/28/8
- https://bugzilla.redhat.com/show_bug.cgi?id=917108
Published: 2013-04-09