{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-02-27T00:00:00", "descriptions": [{"lang": "en", "value": "poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an \"invalid memory access\" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-01-24T17:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=957aa252912cde85d76c41e9710b33425a82b696"}, {"name": "FEDORA-2013-3457", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html"}, {"name": "MDVSA-2013:143", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:143"}, {"name": "FEDORA-2013-3473", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html"}, {"name": "USN-1785-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://ubuntu.com/usn/usn-1785-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917108"}, {"tags": ["x_refsource_MISC"], "url": "http://j00ru.vexillium.org/?p=1507"}, {"name": "DSA-2719", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2719"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=0388837f01bc467045164f9ddaff787000a8caaa"}, {"name": "52846", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/52846"}, {"name": "[oss-security] 20130228 Re: CVE Request: poppler 0.22.1 security fixes", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/02/28/8"}, {"name": "[oss-security] 20130227 Re: CVE Request: poppler 0.22.1 security fixes", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/02/28/4"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=e14b6e9c13d35c9bd1e0c50906ace8e707816888"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=bbc2d8918fe234b7ef2c480eb148943922cc0959"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=8b6dc55e530b2f5ede6b9dfb64aafdd1d5836492"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:13:33.303Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=957aa252912cde85d76c41e9710b33425a82b696"}, {"name": "FEDORA-2013-3457", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html"}, {"name": "MDVSA-2013:143", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:143"}, {"name": "FEDORA-2013-3473", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html"}, {"name": "USN-1785-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://ubuntu.com/usn/usn-1785-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917108"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://j00ru.vexillium.org/?p=1507"}, {"name": "DSA-2719", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2719"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=0388837f01bc467045164f9ddaff787000a8caaa"}, {"name": "52846", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/52846"}, {"name": "[oss-security] 20130228 Re: CVE Request: poppler 0.22.1 security fixes", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/02/28/8"}, {"name": "[oss-security] 20130227 Re: CVE Request: poppler 0.22.1 security fixes", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/02/28/4"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=e14b6e9c13d35c9bd1e0c50906ace8e707816888"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=bbc2d8918fe234b7ef2c480eb148943922cc0959"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=8b6dc55e530b2f5ede6b9dfb64aafdd1d5836492"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1788", "datePublished": "2013-04-09T20:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:13:33.303Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAD83B11-3EAC-4EF5-8E4B-664B9DC75E52", "versionEndIncluding": "0.22.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an \"invalid memory access\" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc."}, {"lang": "es", "value": "poppler anterior a v0.22.1 permite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (ca\u00edda) y, posiblemente, ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores que disparan un \"acceso de memoria invalida\" en (1) splash/Splash.cc, (2) poppler/Function.cc, y (3) poppler/Stream.cc."}], "id": "CVE-2013-1788", "lastModified": "2014-01-28T04:51:56.337", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-04-09T20:55:01.850", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=0388837f01bc467045164f9ddaff787000a8caaa"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=8b6dc55e530b2f5ede6b9dfb64aafdd1d5836492"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=957aa252912cde85d76c41e9710b33425a82b696"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=bbc2d8918fe234b7ef2c480eb148943922cc0959"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=e14b6e9c13d35c9bd1e0c50906ace8e707816888"}, {"source": "secalert@redhat.com", "url": "http://j00ru.vexillium.org/?p=1507"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/52846"}, {"source": "secalert@redhat.com", "url": "http://ubuntu.com/usn/usn-1785-1"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2719"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:143"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/02/28/4"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/02/28/8"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917108"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "poppler: multiple invalid memory access flaws", "id": "917108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917108"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an \"invalid memory access\" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc."], "name": "CVE-2013-1788", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "poppler", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "poppler", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2013-01-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-1788\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1788"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}