Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-4474Improper Input Validation in Poppler

CWE-20Improper Input Validation11 documents9 sources
Severity
5.0MEDIUMNVD
OSV7.5
EPSS
25.4%
top 3.78%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Freedesktop PopplerCanonical Ubuntu Linux
Timeline
PublishedNov 23
Latest updateMay 17

Description

Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

Debianfreedesktop/poppler< 0.18.4-9+3
Ubuntufreedesktop/poppler< 0.24.5-2ubuntu4.4
NVDfreedesktop/poppler0.24.1+119

Also affects: Ubuntu Linux 12.04, 14.04, 15.10

🔴Vulnerability Details

4
GHSA
GHSA-7f6f-5883-mmhm: Format string vulnerability in the extractPages function in utils/pdfseparate2022-05-17
OSV
poppler vulnerabilities2016-05-02
OSV
CVE-2013-4474: Format string vulnerability in the extractPages function in utils/pdfseparate2013-11-23
CVEList
CVE-2013-4474: Format string vulnerability in the extractPages function in utils/pdfseparate2013-11-23

💥Exploits & PoCs

1
Exploit-DB
Poppler 0.14.3 - '/utils/pdfseparate.cc' Local Format String2013-10-26

📋Vendor Advisories

3
Ubuntu
poppler vulnerabilities2016-05-02
Red Hat
poppler: format string flaw in pdfseparate utility2013-10-26
Debian
CVE-2013-4474: poppler - Format string vulnerability in the extractPages function in utils/pdfseparate.cc...2013

💬Community

2
Bugzilla
CVE-2013-4472 CVE-2013-4473 CVE-2013-4474 poppler: various flaws [fedora-all]2013-10-30
Bugzilla
CVE-2013-4474 poppler: format string flaw in pdfseparate utility2013-10-30
CVE-2013-4474 — Improper Input Validation in Poppler | cvebase