CVE-2013-4473: Improper Restriction of Operations within the Bounds of a Memory Buffer in Poppler

Severity: 7.5 HIGH (NVD)
EPSS: 2.3% (top 15.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 23; latest update May 17

Description

Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (3 packages)

Debian: freedesktop/poppler < 0.18.4-9+3
Ubuntu: freedesktop/poppler < 0.24.5-2ubuntu4.4
NVD: freedesktop/poppler 0.24.1+119

Also affects: Ubuntu Linux 12.04, 14.04, 15.10

Patches

Vulnerability Details (4)

GHSA: GHSA-gvvw-6cpg-ppq6: Stack-based buffer overflow in the extractPages function in utils/pdfseparate (2022-05-17)
OSV: poppler vulnerabilities (2016-05-02)
CVEList: CVE-2013-4473: Stack-based buffer overflow in the extractPages function in utils/pdfseparate (2013-11-23)
OSV: CVE-2013-4473: Stack-based buffer overflow in the extractPages function in utils/pdfseparate (2013-11-23)

Vendor Advisories (3)

Ubuntu: poppler vulnerabilities (2016-05-02)
Red Hat: poppler: stack-based buffer overflow in pdfseparate utility (2013-10-26)
Debian: CVE-2013-4473: poppler - Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc... (2013)

Community (2)

Bugzilla: CVE-2013-4472 CVE-2013-4473 CVE-2013-4474 poppler: various flaws [fedora-all] (2013-10-30)
Bugzilla: CVE-2013-4473 poppler: stack-based buffer overflow in pdfseparate utility (2013-10-30)