Bug 1024762 (CVE-2013-4474)
Summary: | CVE-2013-4474 poppler: format string flaw in pdfseparate utility | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Ratul Gupta <ratulg> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | jkurik, mkasik, pfrields, rdieter |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | poppler 0.24.3 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-10-31 06:39:28 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1024765, 1025160 | ||
Bug Blocks: | 1025135, 1025139 |
Description
Ratul Gupta
2013-10-30 11:37:23 UTC
Filename(line): poppler-0.24.2/utils/pdfseparate.cc(70) Code snippet: bool extractPages (const char *srcFileName, const char *destFileName) { char pathName[4096]; GooString *gfileName = new GooString (srcFileName); PDFDoc *doc = new PDFDoc (gfileName, NULL, NULL, NULL); ... if (firstPage != lastPage && strstr(destFileName, "%d") == NULL) { error(errSyntaxError, -1, "'{0:s}' must contain '%%d' if more than one page should be extracted", destFileName); return false; } for (int pageNo = firstPage; pageNo <= lastPage; pageNo++) { snprintf (pathName, sizeof (pathName) - 1, destFileName, pageNo); ^ function parameter passed as format string The function is called by main in line 110 directly passing the arguments: ok = extractPages (argv[1], argv[2]); ^ destFileName parameter Created poppler tracking bugs for this issue: Affects: fedora-all [bug 1024765] This flaw affects the pdfseparate utility shipped with poppler. This utility is not shipped with the version of poppler shipped with Red Hat Enterprise Linux 5 and 6. Statement: Not Vulnerable. This issue does not affect the version of poppler as shipped with Red Hat Enterprise Linux 5 and 6. poppler-0.22.1-5.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. poppler-0.20.2-17.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report. |