What is CVE-2013-4978?

CVE-2013-4978 is a vulnerability in Aloaha Aloaha_pdf_suite_free, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-02-05.

Is CVE-2013-4978 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Aloaha Aloaha_pdf_suite_free

CVE-2013-4978

Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in Aloaha PDF Suite FREE allows remote attackers to execute arbitrary code via a crafted PDF file.

Vulnerability class: Buffer Overflow

EPSS: 0.503 (97.9th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

62036 (vdb-entry, x_refsource_BID)
cve@mitre.org (Exploit, x_refsource_MISC)
54585 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
20130828 [CORE-2013-0805] Aloaha PDF Suite Buffer Overflow Vulnerability (mailing-list, Exploit, x_refsource_BUGTRAQ)

Frequently asked questions

What is CVE-2013-4978?: CVE-2013-4978 is a vulnerability in Aloaha Aloaha_pdf_suite_free, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-02-05.
Is CVE-2013-4978 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.