Vulnerability Details : CVE-2013-4473
Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2013-4473
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.22.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.22.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.15.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.15.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.18.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.18.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.18.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.18.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.21.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.21.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.21.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.21.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.23.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.23.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.23.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.14.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.16.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.16.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.17.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.17.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.18.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.19.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.20.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.20.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.22.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.22.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.5.90:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.24.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.13.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.16.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.16.5:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.16.6:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.16.7:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.17.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.19.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.19.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.20.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.23.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.23.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.10.7:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.12.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.14.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.14.5:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.16.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.16.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.17.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.17.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.19.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.19.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.20.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.20.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.20.5:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.21.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.22.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.5.91:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.9.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-4473
6.39%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-4473
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2013-4473
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4473
-
https://bugs.freedesktop.org/show_bug.cgi?id=69434
69434 – segmentation fault (and probable stack smashing) in pdfseparateExploit
-
http://cgit.freedesktop.org/poppler/poppler/commit/utils/pdfseparate.cc?id=b8682d868ddf7f741e93b
poppler/poppler - The poppler pdf rendering library (mirrored from https://gitlab.freedesktop.org/poppler/poppler)Exploit;Patch
-
http://www.securityfocus.com/bid/63368
Poppler 'utils/pdfseparate.cc' File Stack Based Buffer Overflow Vulnerability
-
http://security.gentoo.org/glsa/glsa-201401-21.xml
Poppler: Multiple vulnerabilities (GLSA 201401-21) — Gentoo security
-
http://www.ubuntu.com/usn/USN-2958-1
USN-2958-1: poppler vulnerabilities | Ubuntu security notices
-
http://bugs.debian.org/723124
#723124 - /usr/bin/pdfseparate: pdfseparate segfault based on filenames (possibly exploitable) - Debian Bug report logsExploit
-
http://www.openwall.com/lists/oss-security/2013/10/29/1
oss-security - Re: CVE request: 3 vulnerabilities in poppler and 1 in Xpdf
-
http://cgit.freedesktop.org/poppler/poppler/tree/NEWS
NEWS - poppler/poppler - The poppler pdf rendering library (mirrored from https://gitlab.freedesktop.org/poppler/poppler)
Jump to