CVE-2012-2142
First published: Mon Feb 13 2012(Updated: )
An insufficient escape sequences sanitization flaw was found in the way xpdf, a PDF file viewer for the X window system, and poppler, a PDF rendering library, performed sanitization of certain characters to be displayed in the error messages, which arose during presentation of certain PDF files. A remote attacker could use this flaw to modify a window's title, or, possibly execute arbitrary commands or overwrite files, via a specially-crafted PDF file containing an escape sequence for a terminal emulator if local, unsuspecting user opened such crafted PDF file in xpdf or in an application linked against poppler library (for example evince).
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| freedesktop poppler | <0.21.4 | |
| Xpdf | =3.02 | |
| Red Hat Enterprise Linux | =5.0 | |
| Red Hat Enterprise Linux | =6.0 | |
| openSUSE | =12.2 |
Remedy
http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40
Remedy
http://cgit.freedesktop.org/poppler/poppler/commit/NEWS?id=2bc48d5369f1dbecfc4db2878f33bdeb80d8d90f
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40
- http://cgit.freedesktop.org/poppler/poppler/commit/NEWS?id=2bc48d5369f1dbecfc4db2878f33bdeb80d8d90f
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00049.html
- http://www.openwall.com/lists/oss-security/2013/08/09/5
- http://www.openwall.com/lists/oss-security/2013/08/09/6
- https://bugzilla.redhat.com/show_bug.cgi?id=789936
- https://access.redhat.com/security/cve/CVE-2012-2142
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=784759&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=784759&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=995400
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=995401
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=995402
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=789936#c28
- http://cgit.freedesktop.org/poppler/poppler/commit/
- http://www.openwall.com/lists/oss-security/2013/08/11/1
- http://sourceforge.net/projects/miscellaneouspa/files/misc/xpdf-3.03-CVE-2012-2142.diff
- https://access.redhat.com/security/cve/cve-2012-2142
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2012-2142.
What is the severity of vulnerability CVE-2012-2142?
The severity of vulnerability CVE-2012-2142 is high with a severity value of 7.8.
Which software versions are affected by CVE-2012-2142?
The software versions affected by CVE-2012-2142 are poppler before 0.21.4, Xpdfreader 3.02, Redhat Enterprise Linux 5.0 and 6.0, and Opensuse 12.2.
How does CVE-2012-2142 allow remote attackers to execute arbitrary commands?
CVE-2012-2142 allows remote attackers to execute arbitrary commands by exploiting the escape sequence for a terminal emulator in a PDF.
How can I fix vulnerability CVE-2012-2142?
To fix vulnerability CVE-2012-2142, it is recommended to update to poppler version 0.21.4 or apply the relevant security patches from the respective vendor.
- agent/type
- agent/remedy
- agent/author
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-2142
- agent/last-modified-date
- agent/severity
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/trending
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/freedesktop
- canonical/freedesktop poppler
- vendor/xpdfreader
- canonical/xpdf
- version/xpdf/3.02
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/5.0
- version/red hat enterprise linux/6.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/12.2