CVE-2013-7296

Poppler < 0.24.5 - Denial of Service via JBIG2Stream Format String

Title source: llm
STIX 2.1

Description

The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file.

References (9)

Core 9
Core References
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125710.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56567
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2014/q1/105
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201401-21.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90552
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1048199
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2014/q1/97
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56776

Scores

EPSS 0.0223
EPSS Percentile 80.7%

Details

CWE
CWE-119
Status published
Products (50)
freedesktop/poppler 0.1
freedesktop/poppler 0.1.1
freedesktop/poppler 0.1.2
freedesktop/poppler 0.2.0
freedesktop/poppler 0.10.0
freedesktop/poppler 0.10.1
freedesktop/poppler 0.10.2
freedesktop/poppler 0.10.3
freedesktop/poppler 0.10.4
freedesktop/poppler 0.10.5
... and 40 more
Published Jan 26, 2014
Tracked Since Feb 18, 2026