CVE-2013-1790
Published 2013-04-09
Priority: P4 · 28 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 2.58% (83.3th percentile)
poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | poppler | < poppler 0.18.4-6 (bookworm) | poppler 0.18.4-6 (bookworm) |
| freedesktop | poppler | <= 0.22.0 | — |
| freedesktop | poppler | >= 0 < 0.18.4-6 | 0.18.4-6 |
| freedesktop | poppler | >= 0 < 0.18.4-6 | 0.18.4-6 |
| freedesktop | poppler | >= 0 < 0.18.4-6 | 0.18.4-6 |
| freedesktop | poppler | >= 0 < 0.18.4-6 | 0.18.4-6 |
CVSS provenance
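| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 6.8 | MEDIUM | |
| vendor_debian | | 6.8 | LOW | |
| vendor_redhat | | 6.8 | MEDIUM | |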
Ubuntu
poppler vulnerabilities
vendor_ubuntu·2013-04-02
CVE-2013-1788 poppler vulnerabilities
Title: poppler vulnerabilities
Summary: Applications using poppler could be made to crash or possibly run programs
as your login if they opened a specially crafted file.
It was discovered that poppler contained multiple security issues when
parsing malformed PDF documents. If a user or automated system were tricked
into opening a crafted PDF file, an attacker could cause a denial of
service or possibly execute arbitrary code with privileges of the user
invoking the program.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
poppler: uninitialized memory read flaw
vendor_redhat·2013-01-09·CVSS 6.8
CVE-2013-1790 [MEDIUM] poppler: uninitialized memory read flaw
poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function.
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: poppler (Red Hat Enterprise Linux 5) - Will not fix
Package: poppler (Red Hat Enterprise Linux 6) - Will not fix
Debian
CVE-2013-1790: poppler - poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to...
vendor_debian·2013·CVSS 6.8
CVE-2013-1790 [MEDIUM] CVE-2013-1790: poppler - poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to...
poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function.
Scope: local
bookworm: resolved (fixed in 0.18.4-6)
bullseye: resolved (fixed in 0.18.4-6)
forky: resolved (fixed in 0.18.4-6)
sid: resolved (fixed in 0.18.4-6)
trixie: resolved (fixed in 0.18.4-6)
GHSA
GHSA-hcc2-w269-v2fq: poppler/Stream
ghsa_unreviewed·2022-05-17
CVE-2013-1790 [MEDIUM] CWE-119 GHSA-hcc2-w269-v2fq: poppler/Stream
poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function.
OSV
CVE-2013-1790: poppler/Stream
osv·2013-04-09·CVSS 6.8
CVE-2013-1790 [MEDIUM] CVE-2013-1790: poppler/Stream
poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-1790 poppler: uninitialized memory read flaw
bugzilla·2013-03-01·CVSS 6.8
CVE-2013-1790 [MEDIUM] CVE-2013-1790 poppler: uninitialized memory read flaw
An uninitialized memory read flaw was reported in poppler (fixed in version 0.22.1):
Initialize refLine totally
Fixes uninitialized memory read in 1004.pdf.asan.7.3 [1]
[1] http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=b1026b5978c385328f2a15a2185c599a563edf91
Discussion:
Created poppler tracking bugs for this issue
Affects: fedora-all [bug 917113]
---
poppler-0.20.2-10.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
---
poppler-0.18.4-4.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
---
This issue affects the version of poppler as shipped with R
Bugzilla
CVE-2013-1788 CVE-2013-1789 CVE-2013-1790 poppler various flaws [fedora-all]
bugzilla·2013-03-01·CVSS 6.8
CVE-2013-1788 [MEDIUM] CVE-2013-1788 CVE-2013-1789 CVE-2013-1790 poppler various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affe
http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=b1026b5978c385328f2a15a2185c599a563edf91
http://j00ru.vexillium.org/?p=1507
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html
http://secunia.com/advisories/52846
http://ubuntu.com/usn/usn-1785-1
http://www.debian.org/security/2013/dsa-2719
http://www.mandriva.com/security/advisories?name=MDVSA-2013:143
http://www.openwall.com/lists/oss-security/2013/02/28/4
http://www.openwall.com/lists/oss-security/2013/02/28/8
https://bugzilla.redhat.com/show_bug.cgi?id=917111
Published: 2013-04-09