CVE-2013-4473
published 2013-11-23CVE-2013-4473: Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service…
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
7.13%
93.5th percentile
Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.
Affected
129 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | poppler | < poppler 0.18.4-9 (bookworm) | poppler 0.18.4-9 (bookworm) |
| freedesktop | poppler | <= 0.24.1 | — |
| freedesktop | poppler | — | — |
| freedesktop | poppler | — | — |
| freedesktop | poppler | — | — |
| freedesktop | poppler | — | — |
| freedesktop | poppler | — | — |
| freedesktop | poppler | — | — |
| freedesktop | poppler | — | — |
| freedesktop | poppler | — | — |
| freedesktop | poppler | — | — |
| freedesktop | poppler | — | — |
| freedesktop | poppler | — | — |
| freedesktop | poppler | — | — |
| freedesktop | poppler | — | — |
| freedesktop | poppler | — | — |
| freedesktop | poppler | — | — |
| freedesktop | poppler | — | — |
| freedesktop | poppler | — | — |
| freedesktop | poppler | — | — |
| freedesktop | poppler | — | — |
| freedesktop | poppler | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5LOW
vendor_redhat7.5HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-gvvw-6cpg-ppq6: Stack-based buffer overflow in the extractPages function in utils/pdfseparate
ghsa_unreviewed·2022-05-17
CVE-2013-4473 [HIGH] CWE-119 GHSA-gvvw-6cpg-ppq6: Stack-based buffer overflow in the extractPages function in utils/pdfseparate
Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.
OSV
poppler vulnerabilities
osv·2016-05-02·CVSS 7.5
CVE-2013-4473 [HIGH] poppler vulnerabilities
poppler vulnerabilities
It was discovered that the poppler pdfseparate tool incorrectly handled
certain filenames. A local attacker could use this issue to cause the tool
to crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only applied to Ubuntu 12.04 LTS. (CVE-2013-4473,
CVE-2013-4474)
It was discovered that poppler incorrectly parsed certain malformed PDF
documents. If a user or automated system were tricked into opening a
crafted PDF file, an attacker could cause a denial of service or possibly
execute arbitrary code with privileges of the user invoking the program.
(CVE-2015-8868)
OSV
CVE-2013-4473: Stack-based buffer overflow in the extractPages function in utils/pdfseparate
osv·2013-11-23·CVSS 7.5
CVE-2013-4473 [HIGH] CVE-2013-4473: Stack-based buffer overflow in the extractPages function in utils/pdfseparate
Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.
Ubuntu
poppler vulnerabilities
vendor_ubuntu·2016-05-02·CVSS 7.5
CVE-2013-4473 [HIGH] poppler vulnerabilities
Title: poppler vulnerabilities
Summary: poppler could be made to crash or run programs if it opened a specially
crafted file.
It was discovered that the poppler pdfseparate tool incorrectly handled
certain filenames. A local attacker could use this issue to cause the tool
to crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only applied to Ubuntu 12.04 LTS. (CVE-2013-4473,
CVE-2013-4474)
It was discovered that poppler incorrectly parsed certain malformed PDF
documents. If a user or automated system were tricked into opening a
crafted PDF file, an attacker could cause a denial of service or possibly
execute arbitrary code with privileges of the user invoking the program.
(CVE-2015-8868)
Instructions: In general, a standard system update will make al
Red Hat
poppler: stack-based buffer overflow in pdfseparate utility
vendor_redhat·2013-10-26·CVSS 7.5
CVE-2013-4473 [HIGH] CWE-121 poppler: stack-based buffer overflow in pdfseparate utility
poppler: stack-based buffer overflow in pdfseparate utility
Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.
Statement: Not Vulnerable. This issue does not affect the version of poppler as shipped with Red Hat Enterprise Linux 5 and 6.
Package: poppler (Red Hat Enterprise Linux 5) - Not affected
Package: poppler (Red Hat Enterprise Linux 6) - Not affected
Package: poppler (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2013-4473: poppler - Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc...
vendor_debian·2013·CVSS 7.5
CVE-2013-4473 [HIGH] CVE-2013-4473: poppler - Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc...
Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.
Scope: local
bookworm: resolved (fixed in 0.18.4-9)
bullseye: resolved (fixed in 0.18.4-9)
forky: resolved (fixed in 0.18.4-9)
sid: resolved (fixed in 0.18.4-9)
trixie: resolved (fixed in 0.18.4-9)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-4472 CVE-2013-4473 CVE-2013-4474 poppler: various flaws [fedora-all]
bugzilla·2013-10-30·CVSS 3.3
CVE-2013-4472 [LOW] CVE-2013-4472 CVE-2013-4473 CVE-2013-4474 poppler: various flaws [fedora-all]
CVE-2013-4472 CVE-2013-4473 CVE-2013-4474 poppler: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue aff
Bugzilla
CVE-2013-4473 poppler: stack-based buffer overflow in pdfseparate utility
bugzilla·2013-10-30·CVSS 7.5
CVE-2013-4473 [HIGH] CVE-2013-4473 poppler: stack-based buffer overflow in pdfseparate utility
CVE-2013-4473 poppler: stack-based buffer overflow in pdfseparate utility
Poppler is found to be affected by a stack based buffer overflow vulnerability in the pdfseparate utility. Successfully exploiting this issue could allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploits may result in denial-of-service conditions.
The issue is said to be fixed in poppler 0.24.2.
References:
http://seclists.org/oss-sec/2013/q4/181
Commit:
http://cgit.freedesktop.org/poppler/poppler/diff/utils/pdfseparate.cc?id=b8682d868ddf7f741e93b
Discussion:
Created poppler tracking bugs for this issue:
Affects: fedora-all [bug 1024765]
---
This flaw affects the pdfseparate utility shipped with poppler. This utility is not shipped with the version of popp
http://bugs.debian.org/723124http://cgit.freedesktop.org/poppler/poppler/commit/utils/pdfseparate.cc?id=b8682d868ddf7f741e93bhttp://cgit.freedesktop.org/poppler/poppler/tree/NEWShttp://secunia.com/advisories/56567http://security.gentoo.org/glsa/glsa-201401-21.xmlhttp://www.openwall.com/lists/oss-security/2013/10/29/1http://www.securityfocus.com/bid/63368http://www.ubuntu.com/usn/USN-2958-1https://bugs.freedesktop.org/show_bug.cgi?id=69434http://bugs.debian.org/723124http://cgit.freedesktop.org/poppler/poppler/commit/utils/pdfseparate.cc?id=b8682d868ddf7f741e93bhttp://cgit.freedesktop.org/poppler/poppler/tree/NEWShttp://secunia.com/advisories/56567http://security.gentoo.org/glsa/glsa-201401-21.xmlhttp://www.openwall.com/lists/oss-security/2013/10/29/1http://www.securityfocus.com/bid/63368http://www.ubuntu.com/usn/USN-2958-1https://bugs.freedesktop.org/show_bug.cgi?id=69434
2013-11-23
Published