PT-2013-3477 · Karteek · Karteek Docsplit

Larry W. Cashdollar

Published

2013-04-25

Updated

2022-05-17

CVE-2013-1933

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Karteek Docsplit (karteek-docsplit) gem version 0.5.4

Description The issue allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename. This is due to a problem in the extract from ocr function in lib/docsplit/text extractor.rb.

Recommendations For Karteek Docsplit (karteek-docsplit) gem version 0.5.4, consider disabling the extract from ocr function until a patch is available to prevent the execution of arbitrary commands via shell metacharacters in PDF filenames.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2013-1933

GHSA-4FVG-PWV7-V54G

Affected Products

Karteek Docsplit

PT-2013-3477 · Karteek · Karteek Docsplit

CVE-2013-1933

Weakness Enumeration

Related Identifiers

Affected Products

References · 7