CVE-2013-1788
poppler - multiple issues
EPSS 4.1%
Description
poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.
How to fix CVE-2013-1788
To remediate CVE-2013-1788, upgrade the affected package to a fixed version below.
- Debian/poppler—upgrade to 0.18.4-6 or later
- Debian/poppler—upgrade to 0.12.4-1.2+squeeze3 or later
Is CVE-2013-1788 being exploited?
Low — EPSS is 4.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.18.4-6
- from 0, < 0.12.4-1.2+squeeze3