Poppler 0.14.3 – ‘/utils/pdfseparate.cc’ Local Format String

• Exploit Database
• 40 阅读

• 作者： Daniel Kahn Gillmor
  日期： 2013-10-26
• 类别：

  • local
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/38817/

• source: https://www.securityfocus.com/bid/63374/info
  
  Poppler is prone to a local format-string vulnerability because it fails to sanitize user-supplied input.
  
  An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.
  
  Versions prior to Poppler 0.24.3 are vulnerable. 
  
  ./pdfseparate -f 1 -l 1 aPdfFile.pdf "%x%x%x%x%x%x%n"