CVE-2013-7296
Published 2014-01-26
CVE-2013-7296: The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows…
Priority: P4 · 18 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 2.23% (80.6th percentile)
The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file.
Affected
86 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | poppler | — | — |
| freedesktop | poppler | <= 0.24.3 | — |
| freedesktop | poppler | — | — |
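CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | LOW | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |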
Red Hat
poppler: DoS due to a format string error
vendor_redhat · 2013-12-07 · CVSS 5.0
CVE-2013-7296 [MEDIUM] poppler: DoS due to a format string error
Statement: Not Vulnerable. This issue does not affect the version of poppler as shipped with Red Hat Enterprise Linux 5 and 6.
Package: poppler (Red Hat Enterprise Linux 5) - Not affected
Package: poppler (Red Hat Enterprise Linux 6) - Not affected
Package: poppler (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2013-7296: poppler - The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 ...
vendor_debian · 2013 · CVSS 5.0
CVE-2013-7296 [MEDIUM] CVE-2013-7296: poppler - The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 ...
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-255c-8m52-v92x: The JBIG2Stream::readSegments method in JBIG2Stream
ghsa_unreviewed · 2022-05-17
CVE-2013-7296 [MEDIUM] CWE-119 GHSA-255c-8m52-v92x: The JBIG2Stream::readSegments method in JBIG2Stream
OSV
CVE-2013-7296: The JBIG2Stream::readSegments method in JBIG2Stream
osv · 2014-01-26 · CVSS 5.0
CVE-2013-7296 [MEDIUM] CVE-2013-7296: The JBIG2Stream::readSegments method in JBIG2Stream
No detection rules found.
No public exploits indexed.
http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee39370283c494ee2e4e392fd3b684
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125710.html
http://seclists.org/oss-sec/2014/q1/105
http://seclists.org/oss-sec/2014/q1/97
http://secunia.com/advisories/56567
http://secunia.com/advisories/56776
http://security.gentoo.org/glsa/glsa-201401-21.xml
https://bugzilla.redhat.com/show_bug.cgi?id=1048199
https://exchange.xforce.ibmcloud.com/vulnerabilities/90552