Poppler 0.14.3 - '/utils/pdfseparate.cc' Local Format String

Author: Daniel Kahn Gillmor
type: local
platform: linux
port: 
date_added: 2013-10-26 
date_updated: 2016-12-14 
verified: 1 
codes: CVE-2013-4474;OSVDB-99066 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.compoppler-0.14.3.tar.gz

source: https://www.securityfocus.com/bid/63374/info

Poppler is prone to a local format-string vulnerability because it fails to sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.

Versions prior to Poppler 0.24.3 are vulnerable.

./pdfseparate -f 1 -l 1 aPdfFile.pdf "%x%x%x%x%x%x%n"