CVE-2013-1789
published 2013-04-09CVE-2013-1789: splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors…
PriorityP421medium4.3CVSS 2.0
AVNACMAuNCNINAP
EPSS
2.38%
81.8th percentile
splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | poppler | — | — |
| freedesktop | poppler | <= 0.22.0 | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
vendor_debian4.3LOW
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
poppler vulnerabilities
vendor_ubuntu·2013-04-02
CVE-2013-1788 poppler vulnerabilities
Title: poppler vulnerabilities
Summary: Applications using poppler could be made to crash or possibly run programs
as your login if they opened a specially crafted file.
It was discovered that poppler contained multiple security issues when
parsing malformed PDF documents. If a user or automated system were tricked
into opening a crafted PDF file, an attacker could cause a denial of
service or possibly execute arbitrary code with privileges of the user
invoking the program.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
poppler: Multiple null pointer de-references in the Poppler splash backend
vendor_redhat·2013-01-10·CVSS 4.3
CVE-2013-1789 [MEDIUM] poppler: Multiple null pointer de-references in the Poppler splash backend
poppler: Multiple null pointer de-references in the Poppler splash backend
splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions.
Package: poppler (Red Hat Enterprise Linux 5) - Not affected
Package: poppler (Red Hat Enterprise Linux 6) - Will not fix
Debian
CVE-2013-1789: poppler - splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to ...
vendor_debian·2013·CVSS 4.3
CVE-2013-1789 [MEDIUM] CVE-2013-1789: poppler - splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to ...
splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-5wg2-pmq5-5v8v: splash/Splash
ghsa_unreviewed·2022-05-17
CVE-2013-1789 [MEDIUM] GHSA-5wg2-pmq5-5v8v: splash/Splash
splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-1789 poppler: Multiple null pointer de-references in the Poppler splash backend
bugzilla·2013-03-01·CVSS 4.3
CVE-2013-1789 [MEDIUM] CVE-2013-1789 poppler: Multiple null pointer de-references in the Poppler splash backend
CVE-2013-1789 poppler: Multiple null pointer de-references in the Poppler splash backend
Two bugs that lead to a denial of service (crash) were reported in poppler (fixed in version 0.22.1):
- Fix crash in broken file 1031.pdf.asan.48.15 [1].
- Do not crash in broken documents like 1007.pdf.asan.48.4 [2].
[1] http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2
[2] http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec
Discussion:
Created poppler tracking bugs for this issue
Affects: fedora-all [bug 917113]
---
poppler-0.20.2-10.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
---
poppler-0.
Bugzilla
CVE-2013-1788 CVE-2013-1789 CVE-2013-1790 poppler various flaws [fedora-all]
bugzilla·2013-03-01·CVSS 6.8
CVE-2013-1788 [MEDIUM] CVE-2013-1788 CVE-2013-1789 CVE-2013-1790 poppler various flaws [fedora-all]
CVE-2013-1788 CVE-2013-1789 CVE-2013-1790 poppler various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affe
Bugzilla
CVE-2013-1788 poppler: multiple invalid memory access flaws
bugzilla·2013-03-01·CVSS 6.8
CVE-2013-1788 [MEDIUM] CVE-2013-1788 poppler: multiple invalid memory access flaws
CVE-2013-1788 poppler: multiple invalid memory access flaws
A number of invalid memory access flaws were reported in poppler (fixed in version 0.22.1):
- Fix invalid memory access in 1150.pdf.asan.8.69 [1].
- Fix invalid memory access in 2030.pdf.asan.69.463 [2].
- Fix another invalid memory access in 1091.pdf.asan.72.42 [3].
- Fix invalid memory accesses in 1091.pdf.asan.72.42 [4].
- Fix invalid memory accesses in 1036.pdf.asan.23.17 [5].
[1] http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=8b6dc55e530b2f5ede6b9dfb64aafdd1d5836492
[2] http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=e14b6e9c13d35c9bd1e0c50906ace8e707816888
[3] http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=0388837f01bc467045164f9ddaff787000a8caaa
[4] http
http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacechttp://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2http://j00ru.vexillium.org/?p=1507http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.htmlhttp://secunia.com/advisories/52846http://ubuntu.com/usn/usn-1785-1http://www.openwall.com/lists/oss-security/2013/02/28/4http://www.openwall.com/lists/oss-security/2013/02/28/8https://bugzilla.redhat.com/show_bug.cgi?id=917109http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacechttp://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2http://j00ru.vexillium.org/?p=1507http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.htmlhttp://secunia.com/advisories/52846http://ubuntu.com/usn/usn-1785-1http://www.openwall.com/lists/oss-security/2013/02/28/4http://www.openwall.com/lists/oss-security/2013/02/28/8https://bugzilla.redhat.com/show_bug.cgi?id=917109
2013-04-09
Published