CVE-2013-1788Improper Restriction of Operations within the Bounds of a Memory Buffer in Poppler

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources
Severity
6.8MEDIUMNVD
EPSS
4.1%
top 11.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Freedesktop Poppler
Timeline
PublishedApr 9
Latest updateMay 17

Description

poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

Debianfreedesktop/poppler< 0.18.4-6+3

Patches

Patch: cgit.freedesktop.orgPatch: cgit.freedesktop.orgPatch: cgit.freedesktop.org

🔴Vulnerability Details

3
GHSA
GHSA-frv4-v4xv-9gmp: poppler before 02022-05-17
CVEList
CVE-2013-1788: poppler before 02013-04-09
OSV
CVE-2013-1788: poppler before 02013-04-09

📋Vendor Advisories

3
Ubuntu
poppler vulnerabilities2013-04-02
Red Hat
poppler: multiple invalid memory access flaws2013-01-10
Debian
CVE-2013-1788: poppler - poppler before 0.22.1 allows context-dependent attackers to cause a denial of se...2013

💬Community

2
Bugzilla
CVE-2013-1788 CVE-2013-1789 CVE-2013-1790 poppler various flaws [fedora-all]2013-03-01
Bugzilla
CVE-2013-1788 poppler: multiple invalid memory access flaws2013-03-01
CVE-2013-1788 — Freedesktop Poppler vulnerability | cvebase