CVE-2013-7296
Poppler < 0.24.5 - Denial of Service via JBIG2Stream Format String
Title source: llmDescription
The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file.
References (9)
Core 9
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125710.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56567
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q1/105
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201401-21.xml
Patch x_refsource_misc
http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee39370283c494ee2e4e392fd3b684
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90552
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1048199
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q1/97
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56776
Scores
EPSS
0.0223
EPSS Percentile
80.7%
Details
CWE
CWE-119
Status
published
Products (50)
freedesktop/poppler
0.1
freedesktop/poppler
0.1.1
freedesktop/poppler
0.1.2
freedesktop/poppler
0.2.0
freedesktop/poppler
0.10.0
freedesktop/poppler
0.10.1
freedesktop/poppler
0.10.2
freedesktop/poppler
0.10.3
freedesktop/poppler
0.10.4
freedesktop/poppler
0.10.5
... and 40 more
Published
Jan 26, 2014
Tracked Since
Feb 18, 2026