Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.
{ "binaries": [ { "binary_name": "gir1.2-poppler-0.18", "binary_version": "0.24.3-0ubuntu1" }, { "binary_name": "libpoppler-cpp-dev", "binary_version": "0.24.3-0ubuntu1" }, { "binary_name": "libpoppler-cpp0", "binary_version": "0.24.3-0ubuntu1" }, { "binary_name": "libpoppler-dev", "binary_version": "0.24.3-0ubuntu1" }, { "binary_name": "libpoppler-glib-dev", "binary_version": "0.24.3-0ubuntu1" }, { "binary_name": "libpoppler-glib8", "binary_version": "0.24.3-0ubuntu1" }, { "binary_name": "libpoppler-private-dev", "binary_version": "0.24.3-0ubuntu1" }, { "binary_name": "libpoppler-qt4-4", "binary_version": "0.24.3-0ubuntu1" }, { "binary_name": "libpoppler-qt4-dev", "binary_version": "0.24.3-0ubuntu1" }, { "binary_name": "libpoppler-qt5-1", "binary_version": "0.24.3-0ubuntu1" }, { "binary_name": "libpoppler-qt5-dev", "binary_version": "0.24.3-0ubuntu1" }, { "binary_name": "libpoppler43", "binary_version": "0.24.3-0ubuntu1" }, { "binary_name": "poppler-dbg", "binary_version": "0.24.3-0ubuntu1" }, { "binary_name": "poppler-utils", "binary_version": "0.24.3-0ubuntu1" } ], "ubuntu_priority": "negligible", "availability": "No subscription required" }