CVE-2013-4473
poppler < 0.24.2 - Stack-based Buffer Overflow via extractPages Function
Title source: llmDescription
Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.
References (9)
Core 9
Core References
Exploit x_refsource_confirm
http://bugs.debian.org/723124
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56567
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201401-21.xml
Exploit x_refsource_confirm
https://bugs.freedesktop.org/show_bug.cgi?id=69434
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2958-1
Exploit, Patch x_refsource_confirm
http://cgit.freedesktop.org/poppler/poppler/commit/utils/pdfseparate.cc?id=b8682d868ddf7f741e93b
Various Sources x_refsource_confirm
http://cgit.freedesktop.org/poppler/poppler/tree/NEWS
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/63368
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/10/29/1
Scores
EPSS
0.0713
EPSS Percentile
93.5%
Details
CWE
CWE-119
Status
published
Products (50)
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
15.10
freedesktop/poppler
0.1
freedesktop/poppler
0.1.1
freedesktop/poppler
0.1.2
freedesktop/poppler
0.2.0
freedesktop/poppler
0.3.0
freedesktop/poppler
0.3.1
freedesktop/poppler
0.3.2
... and 40 more
Published
Nov 23, 2013
Tracked Since
Feb 18, 2026