Summary
Multiple vulnerabilities were discovered in the poppler PDF rendering library.
CVE-2013-1788
Multiple invalid memory access issues, which could potentially lead to arbitrary code execution if the user were tricked into opening a malformed PDF document.
CVE-2013-1790
An uninitialized memory issue, which could potentially lead to arbitrary code execution if the user were tricked into opening a malformed PDF document.
Solution
For the oldstable distribution (squeeze), these problems have been fixed in version 0.12.4-1.2+squeeze3.
For the stable (wheezy), testing (jessie), and unstable (sid) distributions, these problems have been fixed in version 0.18.4-6.
We recommend that you upgrade your poppler packages.
Insight
Poppler is a PDF rendering library based on the xpdf PDF viewer.
Affected
poppler on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-1788, CVE-2013-1790 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities