{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-02-27T00:00:00", "descriptions": [{"lang": "en", "value": "poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-01-24T17:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "FEDORA-2013-3457", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html"}, {"name": "MDVSA-2013:143", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:143"}, {"name": "FEDORA-2013-3473", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html"}, {"name": "USN-1785-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://ubuntu.com/usn/usn-1785-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917111"}, {"tags": ["x_refsource_MISC"], "url": "http://j00ru.vexillium.org/?p=1507"}, {"name": "DSA-2719", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2719"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=b1026b5978c385328f2a15a2185c599a563edf91"}, {"name": "52846", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/52846"}, {"name": "[oss-security] 20130228 Re: CVE Request: poppler 0.22.1 security fixes", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/02/28/8"}, {"name": "[oss-security] 20130227 Re: CVE Request: poppler 0.22.1 security fixes", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/02/28/4"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1790", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2013-3457", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html"}, {"name": "MDVSA-2013:143", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:143"}, {"name": "FEDORA-2013-3473", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html"}, {"name": "USN-1785-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-1785-1"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=917111", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917111"}, {"name": "http://j00ru.vexillium.org/?p=1507", "refsource": "MISC", "url": "http://j00ru.vexillium.org/?p=1507"}, {"name": "DSA-2719", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2719"}, {"name": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=b1026b5978c385328f2a15a2185c599a563edf91", "refsource": "CONFIRM", "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=b1026b5978c385328f2a15a2185c599a563edf91"}, {"name": "52846", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52846"}, {"name": "[oss-security] 20130228 Re: CVE Request: poppler 0.22.1 security fixes", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/02/28/8"}, {"name": "[oss-security] 20130227 Re: CVE Request: poppler 0.22.1 security fixes", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/02/28/4"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:13:33.193Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2013-3457", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html"}, {"name": "MDVSA-2013:143", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:143"}, {"name": "FEDORA-2013-3473", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html"}, {"name": "USN-1785-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://ubuntu.com/usn/usn-1785-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917111"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://j00ru.vexillium.org/?p=1507"}, {"name": "DSA-2719", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2719"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=b1026b5978c385328f2a15a2185c599a563edf91"}, {"name": "52846", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/52846"}, {"name": "[oss-security] 20130228 Re: CVE Request: poppler 0.22.1 security fixes", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/02/28/8"}, {"name": "[oss-security] 20130227 Re: CVE Request: poppler 0.22.1 security fixes", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/02/28/4"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1790", "datePublished": "2013-04-09T20:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:13:33.193Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAD83B11-3EAC-4EF5-8E4B-664B9DC75E52", "versionEndIncluding": "0.22.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function."}, {"lang": "es", "value": "poppler/Stream.cc en poppler anterior a 0.22.1 permite a atacantes dependientes de contexto tener un impacto no especificado a trav\u00e9s de vectores que provocan una lectura de memoria no inicializada por la funci\u00f3n CCITTFaxStream::lookChar"}], "id": "CVE-2013-1790", "lastModified": "2014-01-28T04:51:56.493", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-04-09T20:55:01.913", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=b1026b5978c385328f2a15a2185c599a563edf91"}, {"source": "secalert@redhat.com", "url": "http://j00ru.vexillium.org/?p=1507"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/52846"}, {"source": "secalert@redhat.com", "url": "http://ubuntu.com/usn/usn-1785-1"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2719"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:143"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/02/28/4"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/02/28/8"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917111"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "poppler: uninitialized memory read flaw", "id": "917111", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917111"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function."], "name": "CVE-2013-1790", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "poppler", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "poppler", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2013-01-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-1790\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1790"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low", "upstream_fix": "poppler 0.22.1"}