CVE-2013-4474: Input Validation
First published: Sat Nov 23 2013(Updated: )
Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =15.10 | |
| Poppler Data | <=0.24.1 | |
| Poppler Data | =0.1 | |
| Poppler Data | =0.1.1 | |
| Poppler Data | =0.1.2 | |
| Poppler Data | =0.2.0 | |
| Poppler Data | =0.3.0 | |
| Poppler Data | =0.3.1 | |
| Poppler Data | =0.3.2 | |
| Poppler Data | =0.3.3 | |
| Poppler Data | =0.4.0 | |
| Poppler Data | =0.4.1 | |
| Poppler Data | =0.4.2 | |
| Poppler Data | =0.4.3 | |
| Poppler Data | =0.4.4 | |
| Poppler Data | =0.5.0 | |
| Poppler Data | =0.5.1 | |
| Poppler Data | =0.5.2 | |
| Poppler Data | =0.5.3 | |
| Poppler Data | =0.5.4 | |
| Poppler Data | =0.5.9 | |
| Poppler Data | =0.5.90 | |
| Poppler Data | =0.5.91 | |
| Poppler Data | =0.6.0 | |
| Poppler Data | =0.6.1 | |
| Poppler Data | =0.6.2 | |
| Poppler Data | =0.6.3 | |
| Poppler Data | =0.6.4 | |
| Poppler Data | =0.7.0 | |
| Poppler Data | =0.7.1 | |
| Poppler Data | =0.7.2 | |
| Poppler Data | =0.7.3 | |
| Poppler Data | =0.8.0 | |
| Poppler Data | =0.8.1 | |
| Poppler Data | =0.8.2 | |
| Poppler Data | =0.8.3 | |
| Poppler Data | =0.8.4 | |
| Poppler Data | =0.8.5 | |
| Poppler Data | =0.8.6 | |
| Poppler Data | =0.8.7 | |
| Poppler Data | =0.9.0 | |
| Poppler Data | =0.9.1 | |
| Poppler Data | =0.9.2 | |
| Poppler Data | =0.9.3 | |
| Poppler Data | =0.10.0 | |
| Poppler Data | =0.10.1 | |
| Poppler Data | =0.10.2 | |
| Poppler Data | =0.10.3 | |
| Poppler Data | =0.10.4 | |
| Poppler Data | =0.10.5 | |
| Poppler Data | =0.10.6 | |
| Poppler Data | =0.10.7 | |
| Poppler Data | =0.11.0 | |
| Poppler Data | =0.11.1 | |
| Poppler Data | =0.11.2 | |
| Poppler Data | =0.11.3 | |
| Poppler Data | =0.12.0 | |
| Poppler Data | =0.12.1 | |
| Poppler Data | =0.12.2 | |
| Poppler Data | =0.12.3 | |
| Poppler Data | =0.12.4 | |
| Poppler Data | =0.13.0 | |
| Poppler Data | =0.13.1 | |
| Poppler Data | =0.13.2 | |
| Poppler Data | =0.13.3 | |
| Poppler Data | =0.13.4 | |
| Poppler Data | =0.14.0 | |
| Poppler Data | =0.14.1 | |
| Poppler Data | =0.14.2 | |
| Poppler Data | =0.14.3 | |
| Poppler Data | =0.14.4 | |
| Poppler Data | =0.14.5 | |
| Poppler Data | =0.15.0 | |
| Poppler Data | =0.15.1 | |
| Poppler Data | =0.15.2 | |
| Poppler Data | =0.15.3 | |
| Poppler Data | =0.16.0 | |
| Poppler Data | =0.16.1 | |
| Poppler Data | =0.16.2 | |
| Poppler Data | =0.16.3 | |
| Poppler Data | =0.16.4 | |
| Poppler Data | =0.16.5 | |
| Poppler Data | =0.16.6 | |
| Poppler Data | =0.16.7 | |
| Poppler Data | =0.17.0 | |
| Poppler Data | =0.17.1 | |
| Poppler Data | =0.17.2 | |
| Poppler Data | =0.17.3 | |
| Poppler Data | =0.17.4 | |
| Poppler Data | =0.18.0 | |
| Poppler Data | =0.18.1 | |
| Poppler Data | =0.18.2 | |
| Poppler Data | =0.18.3 | |
| Poppler Data | =0.18.4 | |
| Poppler Data | =0.19.0 | |
| Poppler Data | =0.19.1 | |
| Poppler Data | =0.19.2 | |
| Poppler Data | =0.19.3 | |
| Poppler Data | =0.19.4 | |
| Poppler Data | =0.20.0 | |
| Poppler Data | =0.20.1 | |
| Poppler Data | =0.20.2 | |
| Poppler Data | =0.20.3 | |
| Poppler Data | =0.20.4 | |
| Poppler Data | =0.20.5 | |
| Poppler Data | =0.21.0 | |
| Poppler Data | =0.21.1 | |
| Poppler Data | =0.21.2 | |
| Poppler Data | =0.21.3 | |
| Poppler Data | =0.21.4 | |
| Poppler Data | =0.22.0 | |
| Poppler Data | =0.22.1 | |
| Poppler Data | =0.22.2 | |
| Poppler Data | =0.22.3 | |
| Poppler Data | =0.22.4 | |
| Poppler Data | =0.23.0 | |
| Poppler Data | =0.23.1 | |
| Poppler Data | =0.23.2 | |
| Poppler Data | =0.23.3 | |
| Poppler Data | =0.23.4 | |
| Poppler Data | =0.24.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.debian.org/723124
- http://cgit.freedesktop.org/poppler/poppler/commit/?id=61f79b8447c3ac8ab5a26e79e0c28053ffdccf75
- http://secunia.com/advisories/56567
- http://security.gentoo.org/glsa/glsa-201401-21.xml
- http://www.openwall.com/lists/oss-security/2013/10/29/1
- http://www.securityfocus.com/bid/63374
- http://www.ubuntu.com/usn/USN-2958-1
- https://bugs.freedesktop.org/show_bug.cgi?id=69434
Frequently Asked Questions
What is the severity of CVE-2013-4474?
CVE-2013-4474 has a severity rating that can lead to denial of service via crashes.
How do I fix CVE-2013-4474?
To fix CVE-2013-4474, update poppler to version 0.24.3 or later.
Which versions of Poppler are vulnerable to CVE-2013-4474?
Versions of Poppler prior to 0.24.3, including all versions up to and including 0.24.1, are vulnerable to CVE-2013-4474.
On which operating systems can CVE-2013-4474 be found?
CVE-2013-4474 affects Poppler installations on Ubuntu Linux versions 12.04, 14.04, and 15.10.
What type of vulnerability is CVE-2013-4474?
CVE-2013-4474 is a format string vulnerability that can be exploited through specially crafted filenames.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/15.10
- vendor/freedesktop
- canonical/poppler data
- version/poppler data/0.24.1
- version/poppler data/0.1
- version/poppler data/0.1.1
- version/poppler data/0.1.2
- version/poppler data/0.2.0
- version/poppler data/0.3.0
- version/poppler data/0.3.1
- version/poppler data/0.3.2
- version/poppler data/0.3.3
- version/poppler data/0.4.0
- version/poppler data/0.4.1
- version/poppler data/0.4.2
- version/poppler data/0.4.3
- version/poppler data/0.4.4
- version/poppler data/0.5.0
- version/poppler data/0.5.1
- version/poppler data/0.5.2
- version/poppler data/0.5.3
- version/poppler data/0.5.4
- version/poppler data/0.5.9
- version/poppler data/0.5.90
- version/poppler data/0.5.91
- version/poppler data/0.6.0
- version/poppler data/0.6.1
- version/poppler data/0.6.2
- version/poppler data/0.6.3
- version/poppler data/0.6.4
- version/poppler data/0.7.0
- version/poppler data/0.7.1
- version/poppler data/0.7.2
- version/poppler data/0.7.3
- version/poppler data/0.8.0
- version/poppler data/0.8.1
- version/poppler data/0.8.2
- version/poppler data/0.8.3
- version/poppler data/0.8.4
- version/poppler data/0.8.5
- version/poppler data/0.8.6
- version/poppler data/0.8.7
- version/poppler data/0.9.0
- version/poppler data/0.9.1
- version/poppler data/0.9.2
- version/poppler data/0.9.3
- version/poppler data/0.10.0
- version/poppler data/0.10.1
- version/poppler data/0.10.2
- version/poppler data/0.10.3
- version/poppler data/0.10.4
- version/poppler data/0.10.5
- version/poppler data/0.10.6
- version/poppler data/0.10.7
- version/poppler data/0.11.0
- version/poppler data/0.11.1
- version/poppler data/0.11.2
- version/poppler data/0.11.3
- version/poppler data/0.12.0
- version/poppler data/0.12.1
- version/poppler data/0.12.2
- version/poppler data/0.12.3
- version/poppler data/0.12.4
- version/poppler data/0.13.0
- version/poppler data/0.13.1
- version/poppler data/0.13.2
- version/poppler data/0.13.3
- version/poppler data/0.13.4
- version/poppler data/0.14.0
- version/poppler data/0.14.1
- version/poppler data/0.14.2
- version/poppler data/0.14.3
- version/poppler data/0.14.4
- version/poppler data/0.14.5
- version/poppler data/0.15.0
- version/poppler data/0.15.1
- version/poppler data/0.15.2
- version/poppler data/0.15.3
- version/poppler data/0.16.0
- version/poppler data/0.16.1
- version/poppler data/0.16.2
- version/poppler data/0.16.3
- version/poppler data/0.16.4
- version/poppler data/0.16.5
- version/poppler data/0.16.6
- version/poppler data/0.16.7
- version/poppler data/0.17.0
- version/poppler data/0.17.1
- version/poppler data/0.17.2
- version/poppler data/0.17.3
- version/poppler data/0.17.4
- version/poppler data/0.18.0
- version/poppler data/0.18.1
- version/poppler data/0.18.2
- version/poppler data/0.18.3
- version/poppler data/0.18.4
- version/poppler data/0.19.0
- version/poppler data/0.19.1
- version/poppler data/0.19.2
- version/poppler data/0.19.3
- version/poppler data/0.19.4
- version/poppler data/0.20.0
- version/poppler data/0.20.1
- version/poppler data/0.20.2
- version/poppler data/0.20.3
- version/poppler data/0.20.4
- version/poppler data/0.20.5
- version/poppler data/0.21.0
- version/poppler data/0.21.1
- version/poppler data/0.21.2
- version/poppler data/0.21.3
- version/poppler data/0.21.4
- version/poppler data/0.22.0
- version/poppler data/0.22.1
- version/poppler data/0.22.2
- version/poppler data/0.22.3
- version/poppler data/0.22.4
- version/poppler data/0.23.0
- version/poppler data/0.23.1
- version/poppler data/0.23.2
- version/poppler data/0.23.3
- version/poppler data/0.23.4
- version/poppler data/0.24.0