
poppler: multiple vulnerabilities

Package(s): poppler
CVE #(s): CVE-2013-4473 CVE-2013-4474
Created: November 11, 2013
Updated: January 22, 2014
Description: From the Red Hat bugzilla [1, 2]:

Poppler is found to be affected by a stack-based buffer overflow vulnerability in the pdfseparate utility. Successfully exploiting this issue could allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploits may result in denial-of-service conditions.

The issue is said to be fixed in poppler 0.24.2. (CVE-2013-4473)

Poppler was found to have a user-controlled format string vulnerability because it fails to sanitize user-supplied input. An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.

The issue is said to be fixed in Poppler 0.24.3. (CVE-2013-4474)
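
As an added illustration (not poppler's code and not the upstream fix): pdfseparate takes an output file-name pattern with a %d page-number placeholder, and the two bug classes described above, an unbounded write into a stack buffer and a caller-controlled format string, are both closed by validating such a pattern and formatting it with a length-bounded call. The function names, the two-digit width limit and the sample patterns are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>

/* Accept only patterns with exactly one page-number conversion of the form
 * %d, %Nd or %0Nd (width at most two digits); "%%" is a literal percent.
 * Anything else (%s, %n, %*d, a second %d, a trailing '%') is rejected. */
static int pattern_is_safe(const char *p)
{
    int conversions = 0;

    while (*p) {
        if (*p++ != '%')
            continue;
        if (*p == '%') {            /* "%%": literal percent sign */
            p++;
            continue;
        }
        if (*p == '0')              /* optional zero-padding flag */
            p++;
        for (int w = 0; w < 2 && isdigit((unsigned char)*p); w++)
            p++;                    /* optional field width */
        if (*p++ != 'd')
            return 0;
        conversions++;
    }
    return conversions == 1;
}

/* Build the output path for one page. Returns 0 on success, -1 when the
 * pattern is rejected or the formatted path would not fit in out. */
int build_page_path(char *out, size_t outsz, const char *pattern, int page_no)
{
    if (!pattern_is_safe(pattern))
        return -1;
    int n = snprintf(out, outsz, pattern, page_no);   /* bounded write */
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample patterns, not taken from any real report. */
    const char *samples[] = { "page-%03d.pdf", "page-%d-%d.pdf", "page-%s.pdf" };
    char path[1024];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = build_page_path(path, sizeof path, samples[i], 7);
        printf("%-16s -> %s\n", samples[i], rc == 0 ? path : "(rejected)");
    }
    return 0;
}
```

Treating truncation as an error, rather than using the shortened path, keeps a long pattern from silently writing to an unintended file name.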

Gentoo 201401-21 poppler 2014-01-21
Mandriva MDVSA-2013:272 poppler 2013-11-21
Fedora FEDORA-2013-20410 poppler 2013-11-16
Fedora FEDORA-2013-20443 poppler 2013-11-11
Mageia MGASA-2013-0332 poppler 2013-11-20
Ubuntu USN-2958-1 poppler 2016-05-02


Copyright © 2017, Eklektix, Inc.