Mandriva Linux Security Advisory : poppler (MDVSA-2013:272)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated poppler packages fix security vulnerabilities :

Poppler is found to be affected by a stack based buffer overflow
vulnerability in the pdfseparate utility. Successfully exploiting this
issue could allow remote attackers to execute arbitrary code in the
context of the affected application. Failed exploits may result in
denial-of-service conditions (CVE-2013-4473).

Poppler was found to have a user controlled format string
vulnerability because it fails to sanitize user-supplied input. An
attacker may exploit this issue to execute arbitrary code in the
context of the vulnerable application. Failed exploit attempts will
likely result in a denial-of-service condition (CVE-2013-4474).

See also :

http://advisories.mageia.org/MGASA-2013-0332.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 71027 ()

Bugtraq ID: 63368
63374

CVE ID: CVE-2013-4473
CVE-2013-4474

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now