Poppler 0.14.3 - '/utils/pdfseparate.cc' Local Format String

EDB-ID:

38817




Platform:

Linux

Date:

2013-10-26


source: https://www.securityfocus.com/bid/63374/info

Poppler is prone to a local format-string vulnerability because it fails to sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.

Versions prior to Poppler 0.24.3 are vulnerable. 

./pdfseparate -f 1 -l 1 aPdfFile.pdf "%x%x%x%x%x%x%n"