CVE-2013-7296

The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
freedesktoppoppler
𝑥
≤ 0.24.3
freedesktoppoppler
0.1
freedesktoppoppler
0.1.1
freedesktoppoppler
0.1.2
freedesktoppoppler
0.2.0
freedesktoppoppler
0.10.0
freedesktoppoppler
0.10.1
freedesktoppoppler
0.10.2
freedesktoppoppler
0.10.3
freedesktoppoppler
0.10.4
freedesktoppoppler
0.10.5
freedesktoppoppler
0.10.6
freedesktoppoppler
0.10.7
freedesktoppoppler
0.11.0
freedesktoppoppler
0.11.1
freedesktoppoppler
0.11.2
freedesktoppoppler
0.11.3
freedesktoppoppler
0.12.0
freedesktoppoppler
0.12.1
freedesktoppoppler
0.12.2
freedesktoppoppler
0.12.3
freedesktoppoppler
0.12.4
freedesktoppoppler
0.13.0
freedesktoppoppler
0.13.1
freedesktoppoppler
0.13.2
freedesktoppoppler
0.13.3
freedesktoppoppler
0.13.4
freedesktoppoppler
0.14.0
freedesktoppoppler
0.14.1
freedesktoppoppler
0.14.2
freedesktoppoppler
0.14.3
freedesktoppoppler
0.14.4
freedesktoppoppler
0.14.5
freedesktoppoppler
0.15.0
freedesktoppoppler
0.15.1
freedesktoppoppler
0.15.2
freedesktoppoppler
0.15.3
freedesktoppoppler
0.16.0
freedesktoppoppler
0.16.1
freedesktoppoppler
0.16.2
freedesktoppoppler
0.16.3
freedesktoppoppler
0.16.4
freedesktoppoppler
0.16.5
freedesktoppoppler
0.16.6
freedesktoppoppler
0.16.7
freedesktoppoppler
0.17.0
freedesktoppoppler
0.17.1
freedesktoppoppler
0.17.2
freedesktoppoppler
0.17.3
freedesktoppoppler
0.17.4
freedesktoppoppler
0.18.0
freedesktoppoppler
0.18.1
freedesktoppoppler
0.18.2
freedesktoppoppler
0.18.3
freedesktoppoppler
0.18.4
freedesktoppoppler
0.19.0
freedesktoppoppler
0.19.1
freedesktoppoppler
0.19.2
freedesktoppoppler
0.19.3
freedesktoppoppler
0.19.4
freedesktoppoppler
0.20.0
freedesktoppoppler
0.20.1
freedesktoppoppler
0.20.2
freedesktoppoppler
0.20.3
freedesktoppoppler
0.20.4
freedesktoppoppler
0.20.5
freedesktoppoppler
0.21.0
freedesktoppoppler
0.21.1
freedesktoppoppler
0.21.2
freedesktoppoppler
0.21.3
freedesktoppoppler
0.21.4
freedesktoppoppler
0.22.0
freedesktoppoppler
0.22.1
freedesktoppoppler
0.22.2
freedesktoppoppler
0.22.3
freedesktoppoppler
0.22.4
freedesktoppoppler
0.23.0
freedesktoppoppler
0.23.1
freedesktoppoppler
0.23.2
freedesktoppoppler
0.23.3
freedesktoppoppler
0.23.4
freedesktoppoppler
0.24.0
freedesktoppoppler
0.24.1
freedesktoppoppler
0.24.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
poppler
bullseye (security)
20.09.0-3.1+deb11u1
fixed
bullseye
20.09.0-3.1+deb11u1
fixed
bookworm
22.12.0-2
fixed
sid
24.08.0-3
fixed
trixie
24.08.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
poppler
xenial
not-affected
wily
not-affected
vivid
ignored
utopic
ignored
trusty
dne
saucy
ignored
raring
ignored
quantal
ignored
precise
not-affected
lucid
ignored
Common Weakness Enumeration
References
http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee39370283c494ee2e4e392fd3b684
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125710.html
http://seclists.org/oss-sec/2014/q1/105
http://seclists.org/oss-sec/2014/q1/97
http://secunia.com/advisories/56567
http://secunia.com/advisories/56776
http://security.gentoo.org/glsa/glsa-201401-21.xml
https://bugzilla.redhat.com/show_bug.cgi?id=1048199
https://exchange.xforce.ibmcloud.com/vulnerabilities/90552
http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee39370283c494ee2e4e392fd3b684
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125710.html
http://seclists.org/oss-sec/2014/q1/105
http://seclists.org/oss-sec/2014/q1/97
http://secunia.com/advisories/56567
http://secunia.com/advisories/56776
http://security.gentoo.org/glsa/glsa-201401-21.xml
https://bugzilla.redhat.com/show_bug.cgi?id=1048199
https://exchange.xforce.ibmcloud.com/vulnerabilities/90552