CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
93.9%
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, Β© poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | poppler | <Β 0.4.5-5.1 | poppler_0.4.5-5.1_all.deb |
Debian | 11 | all | poppler | <Β 0.4.5-5.1 | poppler_0.4.5-5.1_all.deb |
Debian | 999 | all | poppler | <Β 0.4.5-5.1 | poppler_0.4.5-5.1_all.deb |
Debian | 13 | all | poppler | <Β 0.4.5-5.1 | poppler_0.4.5-5.1_all.deb |
Debian | 12 | all | xpdf | <Β 3.02 | xpdf_3.02_all.deb |
Debian | 11 | all | xpdf | <Β 3.02 | xpdf_3.02_all.deb |
Debian | 999 | all | xpdf | <Β 3.02 | xpdf_3.02_all.deb |
Debian | 13 | all | xpdf | <Β 3.02 | xpdf_3.02_all.deb |