CVE-2013-4474

Priority
Description
Format string vulnerability in the extractPages function in
utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to
cause a denial of service (crash) via format string specifiers in a
destination filename.
Assigned-to
mdeslaur
Notes
Package
Upstream: released (0.24.3)
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was not-affected [0.24.3-0ubuntu1])
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (0.24.3-0ubuntu1)
Patches:
Upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=61f79b8447c3ac8ab5a26e79e0c28053ffdccf75
Vendor: http://anonscm.debian.org/cgit/pkg-freedesktop/poppler.git/tree/debian/patches/upstream_Allow-only-one-d-in-the-filename.diff?id=03dc7c0c4ab7d792eecbd94234e1b46f2fbcf6c9
This vulnerability is mitigated in part by the use of -D_FORTIFY_SOURCE=2 in Ubuntu. For more details see https://wiki.ubuntu.com/Security/Features#fortify-source
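The bug class described above, handled defensively: an added example, not poppler's code and not taken from the upstream or vendor patch. It treats the destination filename pattern as data only, accepts a single page-number placeholder, and builds the name with a constant format string. The function names and the accepted placeholder forms ("%d" or "%0Nd" with N from 1 to 9) are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Locate the single page-number placeholder in an untrusted pattern.
 * Accepted (assumption of this example): "%d" or "%0Nd", N a digit 1-9.
 * Returns 0 and fills start/len/width, or -1 for any other use of '%'. */
static int find_page_spec(const char *pat, size_t *start, size_t *len, int *width)
{
    const char *p = strchr(pat, '%');
    if (p == NULL)
        return -1;                      /* no page placeholder at all */
    const char *q = p + 1;
    *width = 0;
    if (q[0] == '0' && q[1] >= '1' && q[1] <= '9') {
        *width = q[1] - '0';
        q += 2;
    }
    if (*q != 'd')
        return -1;                      /* %s, %n, %x, %% ... are rejected */
    q++;
    if (strchr(q, '%') != NULL)
        return -1;                      /* a second specifier is rejected */
    *start = (size_t)(p - pat);
    *len = (size_t)(q - p);
    return 0;
}

/* Build the output name. The format string is a constant; the untrusted
 * pattern is only ever passed as an argument. Returns 0 on success,
 * -1 on a rejected pattern or if the result does not fit in out. */
int build_page_name(char *out, size_t outsz, const char *pat, int page)
{
    size_t start, len;
    int width;
    if (find_page_spec(pat, &start, &len, &width) != 0)
        return -1;
    int n = snprintf(out, outsz, "%.*s%0*d%s",
                     (int)start, pat, width, page, pat + start + len);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample patterns. */
    const char *samples[] = { "page-%d.pdf", "p%03d.pdf", "x%s%n.pdf", "a%d-%d.pdf" };
    char name[64];
    for (size_t i = 0; i < 4; i++)
        printf("%-12s -> %s\n", samples[i],
               build_page_name(name, sizeof name, samples[i], 7) == 0 ? name : "(rejected)");
    return 0;
}
```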
More Information

Updated: 2020-03-18 22:13:20 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)