CVE-2013-1790Improper Restriction of Operations within the Bounds of a Memory Buffer in Poppler

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources
Severity
6.8MEDIUMNVD
EPSS
2.8%
top 13.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Freedesktop Poppler
Timeline
PublishedApr 9
Latest updateMay 17

Description

poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

Debianfreedesktop/poppler< 0.18.4-6+3

Patches

Patch: cgit.freedesktop.orgPatch: cgit.freedesktop.org

🔴Vulnerability Details

3
GHSA
GHSA-hcc2-w269-v2fq: poppler/Stream2022-05-17
OSV
CVE-2013-1790: poppler/Stream2013-04-09
CVEList
CVE-2013-1790: poppler/Stream2013-04-09

📋Vendor Advisories

3
Ubuntu
poppler vulnerabilities2013-04-02
Red Hat
poppler: uninitialized memory read flaw2013-01-09
Debian
CVE-2013-1790: poppler - poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to...2013

💬Community

2
Bugzilla
CVE-2013-1790 poppler: uninitialized memory read flaw2013-03-01
Bugzilla
CVE-2013-1788 CVE-2013-1789 CVE-2013-1790 poppler various flaws [fedora-all]2013-03-01
CVE-2013-1790 — Freedesktop Poppler vulnerability | cvebase