CVE-2012-2142
HIGHpoppler < 0.21.4 - Remote Code Execution via Terminal Escape Sequence
Title source: llmDescription
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
References (6)
Core 6
Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2013/08/09/6
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2013/08/09/5
Patch, Vendor Advisory x_refsource_misc
http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40
Patch, Vendor Advisory x_refsource_misc
http://cgit.freedesktop.org/poppler/poppler/commit/NEWS?id=2bc48d5369f1dbecfc4db2878f33bdeb80d8d90f
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=789936
Mailing List, Patch, Third Party Advisory x_refsource_misc
http://lists.opensuse.org/opensuse-updates/2013-08/msg00049.html
Scores
CVSS v3
7.8
EPSS
0.0294
EPSS Percentile
85.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
Status
published
Products (5)
freedesktop/poppler
< 0.21.4
opensuse/opensuse
12.2
redhat/enterprise_linux
5.0
redhat/enterprise_linux
6.0
xpdfreader/xpdf
3.02
Published
Jan 09, 2020
Tracked Since
Feb 18, 2026