CVE-2013-7296
medium
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
5.0
Description
The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | trixie | fixed | 0 |
| debian | bookworm | fixed | 0 |
| debian | bullseye | fixed | 0 |
| debian | forky | fixed | 0 |
| debian | sid | fixed | 0 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| freedesktop | poppler | {"endIncluding":"0.24.3"} | |
| freedesktop | poppler | 0.1 | |
| freedesktop | poppler | 0.1.1 | |
| freedesktop | poppler | 0.1.2 | |
| freedesktop | poppler | 0.2.0 | |
| freedesktop | poppler | 0.10.0 | |
| freedesktop | poppler | 0.10.1 | |
| freedesktop | poppler | 0.10.2 | |
| freedesktop | poppler | 0.10.3 | |
| freedesktop | poppler | 0.10.4 | |
| freedesktop | poppler | 0.10.5 | |
| freedesktop | poppler | 0.10.6 | |
| freedesktop | poppler | 0.10.7 | |
| freedesktop | poppler | 0.11.0 | |
| freedesktop | poppler | 0.11.1 | |
| freedesktop | poppler | 0.11.2 | |
| freedesktop | poppler | 0.11.3 | |
| freedesktop | poppler | 0.12.0 | |
| freedesktop | poppler | 0.12.1 | |
| freedesktop | poppler | 0.12.2 | |
| freedesktop | poppler | 0.12.3 | |
| freedesktop | poppler | 0.12.4 | |
| freedesktop | poppler | 0.13.0 | |
| freedesktop | poppler | 0.13.1 | |
| freedesktop | poppler | 0.13.2 | |
| freedesktop | poppler | 0.13.3 | |
| freedesktop | poppler | 0.13.4 | |
| freedesktop | poppler | 0.14.0 | |
| freedesktop | poppler | 0.14.1 | |
| freedesktop | poppler | 0.14.2 | |
| freedesktop | poppler | 0.14.3 | |
| freedesktop | poppler | 0.14.4 | |
| freedesktop | poppler | 0.14.5 | |
| freedesktop | poppler | 0.15.0 | |
| freedesktop | poppler | 0.15.1 | |
| freedesktop | poppler | 0.15.2 | |
| freedesktop | poppler | 0.15.3 | |
| freedesktop | poppler | 0.16.0 | |
| freedesktop | poppler | 0.16.1 | |
| freedesktop | poppler | 0.16.2 | |
| freedesktop | poppler | 0.16.3 | |
| freedesktop | poppler | 0.16.4 | |
| freedesktop | poppler | 0.16.5 | |
| freedesktop | poppler | 0.16.6 | |
| freedesktop | poppler | 0.16.7 | |
| freedesktop | poppler | 0.17.0 | |
| freedesktop | poppler | 0.17.1 | |
| freedesktop | poppler | 0.17.2 | |
| freedesktop | poppler | 0.17.3 | |
| freedesktop | poppler | 0.17.4 | |
| freedesktop | poppler | 0.18.0 | |
| freedesktop | poppler | 0.18.1 | |
| freedesktop | poppler | 0.18.2 | |
| freedesktop | poppler | 0.18.3 | |
| freedesktop | poppler | 0.18.4 | |
| freedesktop | poppler | 0.19.0 | |
| freedesktop | poppler | 0.19.1 | |
| freedesktop | poppler | 0.19.2 | |
| freedesktop | poppler | 0.19.3 | |
| freedesktop | poppler | 0.19.4 | |
| freedesktop | poppler | 0.20.0 | |
| freedesktop | poppler | 0.20.1 | |
| freedesktop | poppler | 0.20.2 | |
| freedesktop | poppler | 0.20.3 | |
| freedesktop | poppler | 0.20.4 | |
| freedesktop | poppler | 0.20.5 | |
| freedesktop | poppler | 0.21.0 | |
| freedesktop | poppler | 0.21.1 | |
| freedesktop | poppler | 0.21.2 | |
| freedesktop | poppler | 0.21.3 | |
| freedesktop | poppler | 0.21.4 | |
| freedesktop | poppler | 0.22.0 | |
| freedesktop | poppler | 0.22.1 | |
| freedesktop | poppler | 0.22.2 | |
| freedesktop | poppler | 0.22.3 | |
| freedesktop | poppler | 0.22.4 | |
| freedesktop | poppler | 0.23.0 | |
| freedesktop | poppler | 0.23.1 | |
| freedesktop | poppler | 0.23.2 | |
| freedesktop | poppler | 0.23.3 | |
| freedesktop | poppler | 0.23.4 | |
| freedesktop | poppler | 0.24.0 | |
| freedesktop | poppler | 0.24.1 | |
| freedesktop | poppler | 0.24.2 | |
References
- http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee39370283c494ee2e4e392fd3b684
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125710.html
- http://seclists.org/oss-sec/2014/q1/105
- http://seclists.org/oss-sec/2014/q1/97
- http://secunia.com/advisories/56567
- http://secunia.com/advisories/56776
- http://security.gentoo.org/glsa/glsa-201401-21.xml
- https://bugzilla.redhat.com/show_bug.cgi?id=1048199
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90552
- https://security-tracker.debian.org/tracker/CVE-2013-7296
CWEs
CWE-119
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.