CVE-2013-7296: Improper Restriction of Operations within the Bounds of a Memory Buffer in Poppler

Severity: 5.0 MEDIUM (NVD)
EPSS: 2.5% (top 14.68%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 26
Latest update: May 17

Description

The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

Ubuntu: freedesktop/poppler < 0.24.5-2ubuntu4.3
NVD: freedesktop/poppler 0.24.3 +83

🔴 Vulnerability Details (3)

GHSA: GHSA-255c-8m52-v92x: The JBIG2Stream::readSegments method in JBIG2Stream (2022-05-17)
CVEList: CVE-2013-7296: The JBIG2Stream::readSegments method in JBIG2Stream (2014-01-26)
OSV: CVE-2013-7296: The JBIG2Stream::readSegments method in JBIG2Stream (2014-01-26)

📋 Vendor Advisories (2)

Red Hat: poppler: DoS due to a format string error (2013-12-07)
Debian: CVE-2013-7296: poppler - The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 ... (2013)

💬 Community (1)

Bugzilla: CVE-2013-7296 poppler: DoS due to a format string error (2014-01-03)