CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
90.5%
Buffer overflow in the ABWOutputDev::endWord function in
poppler/ABWOutputDev.cc in Poppler (aka libpoppler) 0.10.6, 0.12.0, and
possibly other versions, as used by the Abiword pdftoabw utility, allows
user-assisted remote attackers to cause a denial of service and possibly
execute arbitrary code via a crafted PDF file.
Author | Note |
---|---|
mdeslaur | as of 2010-01-18, upstream hasn’t committed a fix yet debian released patch from bug, but it’s not final intrepid+ compiler hardening reduces this to a denial of service. Can’t reproduce issue on Hardy. Setting to “low”. seems we don’t carry the patch that Debian is carrying for this. |
jdstrand | pdftoabw was removed in 0.18 |