CVE-2013-4474

Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
15.10
freedesktoppoppler
𝑥
≤ 0.24.1
freedesktoppoppler
0.1
freedesktoppoppler
0.1.1
freedesktoppoppler
0.1.2
freedesktoppoppler
0.2.0
freedesktoppoppler
0.3.0
freedesktoppoppler
0.3.1
freedesktoppoppler
0.3.2
freedesktoppoppler
0.3.3
freedesktoppoppler
0.4.0
freedesktoppoppler
0.4.1
freedesktoppoppler
0.4.2
freedesktoppoppler
0.4.3
freedesktoppoppler
0.4.4
freedesktoppoppler
0.5.0
freedesktoppoppler
0.5.1
freedesktoppoppler
0.5.2
freedesktoppoppler
0.5.3
freedesktoppoppler
0.5.4
freedesktoppoppler
0.5.9
freedesktoppoppler
0.5.90
freedesktoppoppler
0.5.91
freedesktoppoppler
0.6.0
freedesktoppoppler
0.6.1
freedesktoppoppler
0.6.2
freedesktoppoppler
0.6.3
freedesktoppoppler
0.6.4
freedesktoppoppler
0.7.0
freedesktoppoppler
0.7.1
freedesktoppoppler
0.7.2
freedesktoppoppler
0.7.3
freedesktoppoppler
0.8.0
freedesktoppoppler
0.8.1
freedesktoppoppler
0.8.2
freedesktoppoppler
0.8.3
freedesktoppoppler
0.8.4
freedesktoppoppler
0.8.5
freedesktoppoppler
0.8.6
freedesktoppoppler
0.8.7
freedesktoppoppler
0.9.0
freedesktoppoppler
0.9.1
freedesktoppoppler
0.9.2
freedesktoppoppler
0.9.3
freedesktoppoppler
0.10.0
freedesktoppoppler
0.10.1
freedesktoppoppler
0.10.2
freedesktoppoppler
0.10.3
freedesktoppoppler
0.10.4
freedesktoppoppler
0.10.5
freedesktoppoppler
0.10.6
freedesktoppoppler
0.10.7
freedesktoppoppler
0.11.0
freedesktoppoppler
0.11.1
freedesktoppoppler
0.11.2
freedesktoppoppler
0.11.3
freedesktoppoppler
0.12.0
freedesktoppoppler
0.12.1
freedesktoppoppler
0.12.2
freedesktoppoppler
0.12.3
freedesktoppoppler
0.12.4
freedesktoppoppler
0.13.0
freedesktoppoppler
0.13.1
freedesktoppoppler
0.13.2
freedesktoppoppler
0.13.3
freedesktoppoppler
0.13.4
freedesktoppoppler
0.14.0
freedesktoppoppler
0.14.1
freedesktoppoppler
0.14.2
freedesktoppoppler
0.14.3
freedesktoppoppler
0.14.4
freedesktoppoppler
0.14.5
freedesktoppoppler
0.15.0
freedesktoppoppler
0.15.1
freedesktoppoppler
0.15.2
freedesktoppoppler
0.15.3
freedesktoppoppler
0.16.0
freedesktoppoppler
0.16.1
freedesktoppoppler
0.16.2
freedesktoppoppler
0.16.3
freedesktoppoppler
0.16.4
freedesktoppoppler
0.16.5
freedesktoppoppler
0.16.6
freedesktoppoppler
0.16.7
freedesktoppoppler
0.17.0
freedesktoppoppler
0.17.1
freedesktoppoppler
0.17.2
freedesktoppoppler
0.17.3
freedesktoppoppler
0.17.4
freedesktoppoppler
0.18.0
freedesktoppoppler
0.18.1
freedesktoppoppler
0.18.2
freedesktoppoppler
0.18.3
freedesktoppoppler
0.18.4
freedesktoppoppler
0.19.0
freedesktoppoppler
0.19.1
freedesktoppoppler
0.19.2
freedesktoppoppler
0.19.3
freedesktoppoppler
0.19.4
freedesktoppoppler
0.20.0
freedesktoppoppler
0.20.1
freedesktoppoppler
0.20.2
freedesktoppoppler
0.20.3
freedesktoppoppler
0.20.4
freedesktoppoppler
0.20.5
freedesktoppoppler
0.21.0
freedesktoppoppler
0.21.1
freedesktoppoppler
0.21.2
freedesktoppoppler
0.21.3
freedesktoppoppler
0.21.4
freedesktoppoppler
0.22.0
freedesktoppoppler
0.22.1
freedesktoppoppler
0.22.2
freedesktoppoppler
0.22.3
freedesktoppoppler
0.22.4
freedesktoppoppler
0.23.0
freedesktoppoppler
0.23.1
freedesktoppoppler
0.23.2
freedesktoppoppler
0.23.3
freedesktoppoppler
0.23.4
freedesktoppoppler
0.24.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
poppler
bookworm
22.12.0-2
fixed
bullseye
20.09.0-3.1+deb11u1
fixed
bullseye (security)
20.09.0-3.1+deb11u1
fixed
sid
24.08.0-3
fixed
squeeze
not-affected
trixie
24.08.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
poppler
lucid
not-affected
precise
Fixed 0.18.4-1ubuntu3.2
released
quantal
ignored
raring
ignored
saucy
ignored
trusty
dne
utopic
not-affected
vivid
not-affected
wily
not-affected
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libpoppler-cpp0
suse enterprise desktop 15
0.62.0-2.33
fixed
suse enterprise desktop 15 SP1
0.62.0-2.33
fixed
suse enterprise sap 15
0.62.0-2.33
fixed
suse enterprise sap 15 SP1
0.62.0-2.33
fixed
suse enterprise server 15
0.62.0-2.33
fixed
suse enterprise server 15 SP1
0.62.0-2.33
fixed
libpoppler-devel
suse enterprise desktop 15
0.62.0-2.33
fixed
suse enterprise desktop 15 SP1
0.62.0-2.33
fixed
suse enterprise sap 15
0.62.0-2.33
fixed
suse enterprise sap 15 SP1
0.62.0-2.33
fixed
suse enterprise server 15
0.62.0-2.33
fixed
suse enterprise server 15 SP1
0.62.0-2.33
fixed
libpoppler-glib-devel
suse enterprise desktop 15
0.62.0-2.33
fixed
suse enterprise desktop 15 SP1
0.62.0-2.33
fixed
suse enterprise sap 15
0.62.0-2.33
fixed
suse enterprise sap 15 SP1
0.62.0-2.33
fixed
suse enterprise server 15
0.62.0-2.33
fixed
suse enterprise server 15 SP1
0.62.0-2.33
fixed
libpoppler-glib8
suse enterprise desktop 15
0.62.0-2.33
fixed
suse enterprise desktop 15 SP1
0.62.0-2.33
fixed
suse enterprise sap 12 SP5
0.43.0-16.15.1
fixed
suse enterprise sap 15
0.62.0-2.33
fixed
suse enterprise sap 15 SP1
0.62.0-2.33
fixed
suse enterprise server 12 SP2
0.43.0-15.1
fixed
suse enterprise server 12 SP4
0.43.0-16.15.1
fixed
suse enterprise server 12 SP5
0.43.0-16.15.1
fixed
suse enterprise server 15
0.62.0-2.33
fixed
suse enterprise server 15 SP1
0.62.0-2.33
fixed
libpoppler-qt4-4
suse enterprise sap 12 SP5
0.43.0-16.15.1
fixed
suse enterprise server 12 SP2
0.43.0-15.1
fixed
suse enterprise server 12 SP4
0.43.0-16.15.1
fixed
suse enterprise server 12 SP5
0.43.0-16.15.1
fixed
libpoppler44
suse enterprise server 12 SP2
0.24.4-12.1
fixed
libpoppler60
suse enterprise sap 12 SP5
0.43.0-16.15.1
fixed
suse enterprise server 12 SP2
0.43.0-15.1
fixed
suse enterprise server 12 SP4
0.43.0-16.15.1
fixed
suse enterprise server 12 SP5
0.43.0-16.15.1
fixed
libpoppler73
suse enterprise desktop 15
0.62.0-2.33
fixed
suse enterprise desktop 15 SP1
0.62.0-2.33
fixed
suse enterprise sap 15
0.62.0-2.33
fixed
suse enterprise sap 15 SP1
0.62.0-2.33
fixed
suse enterprise server 15
0.62.0-2.33
fixed
suse enterprise server 15 SP1
0.62.0-2.33
fixed
poppler-tools
suse enterprise desktop 15
0.62.0-2.33
fixed
suse enterprise desktop 15 SP1
0.62.0-2.33
fixed
suse enterprise sap 12 SP5
0.43.0-16.15.1
fixed
suse enterprise sap 15
0.62.0-2.33
fixed
suse enterprise sap 15 SP1
0.62.0-2.33
fixed
suse enterprise server 12 SP2
0.43.0-15.1
fixed
suse enterprise server 12 SP4
0.43.0-16.15.1
fixed
suse enterprise server 12 SP5
0.43.0-16.15.1
fixed
suse enterprise server 15
0.62.0-2.33
fixed
suse enterprise server 15 SP1
0.62.0-2.33
fixed
typelib-1_0-Poppler-0_18
suse enterprise desktop 15
0.62.0-2.33
fixed
suse enterprise desktop 15 SP1
0.62.0-2.33
fixed
suse enterprise sap 15
0.62.0-2.33
fixed
suse enterprise sap 15 SP1
0.62.0-2.33
fixed
suse enterprise server 15
0.62.0-2.33
fixed
suse enterprise server 15 SP1
0.62.0-2.33
fixed
Common Weakness Enumeration
References
http://bugs.debian.org/723124
http://cgit.freedesktop.org/poppler/poppler/commit/?id=61f79b8447c3ac8ab5a26e79e0c28053ffdccf75
http://secunia.com/advisories/56567
http://security.gentoo.org/glsa/glsa-201401-21.xml
http://www.openwall.com/lists/oss-security/2013/10/29/1
http://www.securityfocus.com/bid/63374
http://www.ubuntu.com/usn/USN-2958-1
https://bugs.freedesktop.org/show_bug.cgi?id=69434
http://bugs.debian.org/723124
http://cgit.freedesktop.org/poppler/poppler/commit/?id=61f79b8447c3ac8ab5a26e79e0c28053ffdccf75
http://secunia.com/advisories/56567
http://security.gentoo.org/glsa/glsa-201401-21.xml
http://www.openwall.com/lists/oss-security/2013/10/29/1
http://www.securityfocus.com/bid/63374
http://www.ubuntu.com/usn/USN-2958-1
https://bugs.freedesktop.org/show_bug.cgi?id=69434