CVE-2012-2142

HIGH

poppler < 0.21.4 - Remote Code Execution via Terminal Escape Sequence

Title source: llm
STIX 2.1

Description

The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.

References (6)

Core 6
Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2013/08/09/6
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2013/08/09/5
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=789936
Mailing List, Patch, Third Party Advisory x_refsource_misc
http://lists.opensuse.org/opensuse-updates/2013-08/msg00049.html

Scores

CVSS v3 7.8
EPSS 0.0294
EPSS Percentile 85.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published
Products (5)
freedesktop/poppler < 0.21.4
opensuse/opensuse 12.2
redhat/enterprise_linux 5.0
redhat/enterprise_linux 6.0
xpdfreader/xpdf 3.02
Published Jan 09, 2020
Tracked Since Feb 18, 2026