Vulnerability Details : CVE-2013-3718
evince is missing a check on number of pages which can lead to a segmentation fault
Vulnerability category: Memory CorruptionInput validation
Products affected by CVE-2013-3718
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:evince:3.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:evince:3.9.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-3718
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 44 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-3718
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2013-3718
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3718
-
http://bugzilla.gnome.org/show_bug.cgi?id=701302
Bug 701302 – Segfault on a corrupted PDF fileIssue Tracking;Patch;Vendor Advisory
-
https://security-tracker.debian.org/tracker/CVE-2013-3718
CVE-2013-3718Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-3718
1365025 – (CVE-2013-3718) CVE-2013-3718 evince: Missing check of number of pages leads to segmentation faultIssue Tracking;Third Party Advisory
-
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-3718
Bug 970030 – VUL-1: CVE-2013-3718: evince: missing check on number of pagesIssue Tracking;Third Party Advisory
Jump to