CVE-2012-2142

EUVD-2012-2139
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
freedesktoppoppler
𝑥
< 0.21.4
xpdfreaderxpdf
3.02
redhatenterprise_linux
5.0
redhatenterprise_linux
6.0
opensuseopensuse
12.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
poppler
bookworm
22.12.0-2
fixed
bullseye
20.09.0-3.1+deb11u1
fixed
bullseye (security)
20.09.0-3.1+deb11u1
fixed
sid
24.08.0-3
fixed
trixie
24.08.0-3
fixed
xpdf
bookworm
3.04+git20220601-1
fixed
bullseye
3.04+git20210103-3
fixed
sid
3.04+git20240613-1
fixed
trixie
3.04+git20240613-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
poppler
lucid
ignored
precise
ignored
quantal
ignored
raring
ignored
saucy
not-affected
trusty
dne
utopic
not-affected
vivid
not-affected
wily
not-affected
xenial
not-affected
yakkety
not-affected
zesty
not-affected
xpdf
lucid
not-affected
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
not-affected
trusty
dne
utopic
not-affected
vivid
not-affected
wily
not-affected
xenial
not-affected
yakkety
not-affected
zesty
not-affected
References
http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40
http://cgit.freedesktop.org/poppler/poppler/commit/NEWS?id=2bc48d5369f1dbecfc4db2878f33bdeb80d8d90f
http://lists.opensuse.org/opensuse-updates/2013-08/msg00049.html
http://www.openwall.com/lists/oss-security/2013/08/09/5
http://www.openwall.com/lists/oss-security/2013/08/09/6
https://bugzilla.redhat.com/show_bug.cgi?id=789936
http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40
http://cgit.freedesktop.org/poppler/poppler/commit/NEWS?id=2bc48d5369f1dbecfc4db2878f33bdeb80d8d90f
http://lists.opensuse.org/opensuse-updates/2013-08/msg00049.html
http://www.openwall.com/lists/oss-security/2013/08/09/5
http://www.openwall.com/lists/oss-security/2013/08/09/6
https://bugzilla.redhat.com/show_bug.cgi?id=789936