Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2013-1788

Published: 28 February 2013

poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.

Notes

AuthorNote
mdeslaur 
reproducers: 1150.pdf.asan.8.69, 2030.pdf.asan.69.463,
1091.pdf.asan.72.42, 1036.pdf.asan.23.17

Priority

Medium

Status

Package Release Status
poppler
Launchpad, Ubuntu, Debian 		hardy Ignored
(end of life)
lucid
Released (0.12.4-0ubuntu5.3)
oneiric
Released (0.16.7-2ubuntu2.1)
precise
Released (0.18.4-1ubuntu3.1)
quantal
Released (0.20.4-0ubuntu1.2)
upstream
Released (0.22.1)
Patches:
upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=d0df8e54512f584ca2b3edbae1c19e167948e5c3
upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=8b6dc55e530b2f5ede6b9dfb64aafdd1d5836492
upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=e14b6e9c13d35c9bd1e0c50906ace8e707816888
upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=0388837f01bc467045164f9ddaff787000a8caaa
upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=957aa252912cde85d76c41e9710b33425a82b696
upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=bbc2d8918fe234b7ef2c480eb148943922cc0959

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading