[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-7296Date: (C)2014-01-28   (M)2023-12-22


The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECUNIA-56567
SECUNIA-56776
FEDORA-2014-0156
GLSA-201401-21
http://seclists.org/oss-sec/2014/q1/97
http://seclists.org/oss-sec/2014/q1/105
http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee39370283c494ee2e4e392fd3b684
https://bugzilla.redhat.com/show_bug.cgi?id=1048199
poppler-jbig2stream-readsegments-dos(90552)

CPE    84
cpe:/a:freedesktop:poppler:0.1
cpe:/a:freedesktop:poppler:0.23.3
cpe:/a:freedesktop:poppler:0.23.4
cpe:/a:freedesktop:poppler
...
CWE    1
CWE-119
OVAL    2
oval:org.secpod.oval:def:106291
oval:org.secpod.oval:def:106289

© SecPod Technologies