Vulnerability Details : CVE-2013-3718
evince is missing a check on number of pages which can lead to a segmentation fault
Vulnerability category: Memory CorruptionInput validation
Exploit prediction scoring system (EPSS) score for CVE-2013-3718
Probability of exploitation activity in the next 30 days: 0.12%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 44 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-3718
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2013-3718
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3718
-
http://bugzilla.gnome.org/show_bug.cgi?id=701302
Bug 701302 – Segfault on a corrupted PDF fileIssue Tracking;Patch;Vendor Advisory
-
https://security-tracker.debian.org/tracker/CVE-2013-3718
CVE-2013-3718Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-3718
1365025 – (CVE-2013-3718) CVE-2013-3718 evince: Missing check of number of pages leads to segmentation faultIssue Tracking;Third Party Advisory
-
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-3718
Bug 970030 – VUL-1: CVE-2013-3718: evince: missing check on number of pagesIssue Tracking;Third Party Advisory
Products affected by CVE-2013-3718
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:evince:3.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:evince:3.9.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*