CVE-2015-8868
Published 2016-05-06
Priority: P3 · 40 · high · 7.8 (CVSS 3.0)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 4.56% (90.4th percentile)
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | poppler | < poppler 0.38.0-3 (bookworm) | poppler 0.38.0-3 (bookworm) |
| fedoraproject | fedora | — | — |
| freedesktop | poppler | — | — |
| freedesktop | poppler | >= 0 < 0.38.0-3 | 0.38.0-3 |
| freedesktop | poppler | >= 0 < 0.38.0-3 | 0.38.0-3 |
| freedesktop | poppler | >= 0 < 0.38.0-3 | 0.38.0-3 |
| freedesktop | poppler | >= 0 < 0.38.0-3 | 0.38.0-3 |
| freedesktop | poppler | >= 0 < 0.24.5-2ubuntu4.4 | 0.24.5-2ubuntu4.4 |
CVSS provenance
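| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.8 | HIGH | — |
| vendor_redhat | — | 7.8 | HIGH | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |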
Ubuntu
poppler vulnerabilities
vendor_ubuntu·2016-05-02·CVSS 7.5
CVE-2013-4473 [HIGH] poppler vulnerabilities
Title: poppler vulnerabilities
Summary: poppler could be made to crash or run programs if it opened a specially
crafted file.
It was discovered that the poppler pdfseparate tool incorrectly handled
certain filenames. A local attacker could use this issue to cause the tool
to crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only applied to Ubuntu 12.04 LTS. (CVE-2013-4473,
CVE-2013-4474)
It was discovered that poppler incorrectly parsed certain malformed PDF
documents. If a user or automated system were tricked into opening a
crafted PDF file, an attacker could cause a denial of service or possibly
execute arbitrary code with privileges of the user invoking the program.
(CVE-2015-8868)
Instructions: In general, a standard system update will make al
Red Hat
poppler: heap buffer overflow in ExponentialFunction
vendor_redhat·2016-04-11·CVSS 7.8
CVE-2015-8868 [HIGH] CWE-122 poppler: heap buffer overflow in ExponentialFunction
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.
A heap-buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code when opened.
Package: poppler (Red Hat Enterprise Linux 5) - Not affected
Package: poppler (Red Hat Enterprise Linux 6) - Will not fix
Package: compat-poppler022 (Red Hat Enterprise Linux 7) - Will not fix
Debian
CVE-2015-8868: poppler - Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction funct...
vendor_debian·2015·CVSS 7.8
CVE-2015-8868 [HIGH] CVE-2015-8868: poppler - Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction funct...
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.
Scope: local
bookworm: resolved (fixed in 0.38.0-3)
bullseye: resolved (fixed in 0.38.0-3)
forky: resolved (fixed in 0.38.0-3)
sid: resolved (fixed in 0.38.0-3)
trixie: resolved (fixed in 0.38.0-3)
GHSA
GHSA-x4hh-g34g-m3m8: Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0
ghsa_unreviewed·2022-05-14
CVE-2015-8868 [HIGH] CWE-119 GHSA-x4hh-g34g-m3m8: Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.
OSV
CVE-2015-8868: Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0
osv·2016-05-06·CVSS 7.8
CVE-2015-8868 [HIGH] CVE-2015-8868: Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.
OSV
poppler vulnerabilities
osv·2016-05-02·CVSS 7.5
CVE-2013-4473 [HIGH] poppler vulnerabilities
It was discovered that the poppler pdfseparate tool incorrectly handled
certain filenames. A local attacker could use this issue to cause the tool
to crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only applied to Ubuntu 12.04 LTS. (CVE-2013-4473,
CVE-2013-4474)
It was discovered that poppler incorrectly parsed certain malformed PDF
documents. If a user or automated system were tricked into opening a
crafted PDF file, an attacker could cause a denial of service or possibly
execute arbitrary code with privileges of the user invoking the program.
(CVE-2015-8868)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-8868 poppler: heap buffer overflow in ExponentialFunction
bugzilla·2016-04-12·CVSS 7.8
CVE-2015-8868 [HIGH] CVE-2015-8868 poppler: heap buffer overflow in ExponentialFunction
A heap buffer overflow vulnerability was found in the poppler library. A maliciously crafted file could cause the application to crash.
Upstream fix:
https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433
References (reproducer attached):
http://seclists.org/oss-sec/2016/q2/56
Discussion:
Created mingw-poppler tracking bugs for this issue:
Affects: fedora-all [bug 1326228]
---
Created poppler tracking bugs for this issue:
Affects: fedora-all [bug 1326226]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2016:2580 https://rhn.redhat.com/errata/RHSA-2016-2580.html
Bugzilla
CVE-2015-8868 poppler: heap buffer overflow [fedora-all]
bugzilla·2016-04-12·CVSS 7.8
CVE-2015-8868 [HIGH] CVE-2015-8868 poppler: heap buffer overflow [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
on
Bugzilla
CVE-2015-8868 mingw-poppler: poppler: heap buffer overflow [fedora-all]
bugzilla·2016-04-12·CVSS 7.8
CVE-2015-8868 [HIGH] CVE-2015-8868 mingw-poppler: poppler: heap buffer overflow [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora
References:
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183107.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183142.html
http://lists.opensuse.org/opensuse-updates/2016-05/msg00068.html
http://lists.opensuse.org/opensuse-updates/2016-06/msg00077.html
http://rhn.redhat.com/errata/RHSA-2016-2580.html
http://www.debian.org/security/2016/dsa-3563
http://www.openwall.com/lists/oss-security/2016/04/12/1
http://www.securityfocus.com/bid/89324
http://www.ubuntu.com/usn/USN-2958-1
https://bugs.freedesktop.org/show_bug.cgi?id=93476
https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433
https://poppler.freedesktop.org/releases.html
https://security.gentoo.org/glsa/201611-15
Published: 2016-05-06