[v2.5] CVE-2013-4473 CVE-2013-4474: poppler
Poppler is found to be affected by a stack based buffer overflow
vulnerability
in the pdfseparate utility. Successfully exploiting this issue could
allow
remote attackers to execute arbitrary code in the context of the
affected
application. Failed exploits may result in denial-of-service
conditions
(CVE-2013-4473).
The issue is said to be fixed in poppler 0.24.2
Poppler was found to have a user controlled format string vulnerability
because
it fails to sanitize user-supplied input. An attacker may exploit this
issue to
execute arbitrary code in the context of the vulnerable application.
Failed
exploit attempts will likely result in a denial-of-service condition
(CVE-2013-4474).
The issue is said to be fixed in Poppler 0.24.3.
References:
[ 1 ] Bug #1024753 - CVE-2013-4473 poppler: stack-based buffer
overflow in pdfseparate utility
https://bugzilla.redhat.com/show\_bug.cgi?id=1024753
[ 2 ] Bug #1024762 - CVE-2013-4474 poppler: format string flaw in
pdfseparate utility
https://bugzilla.redhat.com/show\_bug.cgi?id=1024762
(from redmine: issue id 2418, created on 2013-11-22, closed on 2013-12-04)
- Relations:
- parent #2416 (closed)
- Changesets:
- Revision b6fadbdd by Natanael Copa on 2013-12-03T11:47:57Z:
main/poppler: security fix (CVE-2013-4473,CVE-2013-4474)
fixes #2418