CVE-2012-2142

Exploit

EPSS 1.33%
Published 09.01.2020 21:15:10
Last modified 21.11.2024 01:38:35
Source secalert@redhat.com
Teams watchlist Login
Open Login

The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.

Affected products Warnungen 0 Metrics 3 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Freedesktop ≫ Poppler Version < 0.21.4

Xpdfreader ≫ Xpdf Version3.02

Redhat ≫ Enterprise Linux Version5.0

Redhat ≫ Enterprise Linux Version6.0

Opensuse ≫ Opensuse Version12.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.33%	0.791

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40

Patch

Vendor Advisory

http://cgit.freedesktop.org/poppler/poppler/commit/NEWS?id=2bc48d5369f1dbecfc4db2878f33bdeb80d8d90f

Patch

Vendor Advisory

http://lists.opensuse.org/opensuse-updates/2013-08/msg00049.html

Patch

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2013/08/09/5

Third Party Advisory

Exploit

Mailing List

http://www.openwall.com/lists/oss-security/2013/08/09/6

Third Party Advisory

Exploit

Mailing List

https://bugzilla.redhat.com/show_bug.cgi?id=789936

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2012-2142

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-2142

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-2142

EUVD