CVE-2013-4473

poppler < 0.24.2 - Stack-based Buffer Overflow via extractPages Function

Title source: llm
STIX 2.1

Description

Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.

References (9)

Core 9
Core References
Exploit x_refsource_confirm
http://bugs.debian.org/723124
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56567
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201401-21.xml
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2958-1
Various Sources x_refsource_confirm
http://cgit.freedesktop.org/poppler/poppler/tree/NEWS
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/63368
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/10/29/1

Scores

EPSS 0.0713
EPSS Percentile 93.5%

Details

CWE
CWE-119
Status published
Products (50)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 15.10
freedesktop/poppler 0.1
freedesktop/poppler 0.1.1
freedesktop/poppler 0.1.2
freedesktop/poppler 0.2.0
freedesktop/poppler 0.3.0
freedesktop/poppler 0.3.1
freedesktop/poppler 0.3.2
... and 40 more
Published Nov 23, 2013
Tracked Since Feb 18, 2026