CVSS: 4.3EPSS: 2%CPEs: 154EXPL: 0CVE-2009-1183 – PDF JBIG2 MMR infinite loop DoS
https://notcve.org/view.php?id=CVE-2009-1183
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. El decodificador JBIG2 MMR en Xpdf versión 3.02 PL2 y anteriores, CUPS versión 1.3.9 y anteriores, Poppler versión anterior a 0.10.6, y otros productos permite a los atacantes remotos causar una denegación de servicio (bucle infinito y colgar) por medio de un archivo PDF creado. • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://poppler.freedesktop.org/releases.html http://rhn.redhat.com/errata/RHSA-2009-0458.html http://secunia.com/advisories/34291 http://secunia.com/advisories/34481 http://secunia.com/advisories/34746 http://secunia.com/advisories/34755 http://secunia.com/advisories&#x • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.8EPSS: 18%CPEs: 48EXPL: 0CVE-2009-1187 – poppler CairoOutputDev integer overflow
https://notcve.org/view.php?id=CVE-2009-1187
Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc). Desbordamiento de entero en la característica JBIG2 decoding en Poppler anteriores a v0.10.6 permite a atacantes remotos producir una denegación de servicio (caida) y posiblemente ejecutar código a través de vectores relacionados con CairoOutputDev (CairoOutputDev.cc). • http://bugs.gentoo.org/show_bug.cgi?id=263028#c16 http://poppler.freedesktop.org/releases.html http://secunia.com/advisories/34746 http://secunia.com/advisories/35064 http://secunia.com/advisories/35618 http://wiki.rpath.com/Advisories:rPSA-2009-0059 http://www.kb.cert.org/vuls/id/196617 http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 http://www.redhat.com/support/errata/RHSA-2009-0480.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 6.8EPSS: 23%CPEs: 48EXPL: 0CVE-2009-1188 – xpdf/poppler: SplashBitmap integer overflow
https://notcve.org/view.php?id=CVE-2009-1188
Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. Desbordamiento de entero en la característica JBIG2 decoding en Poppler anteriores a v0.10.6 permite a atacantes remotos producir una denegación de servicio (caida) y posiblemente ejecutar código a través de vectores relacionados con SplashBitmap (splash/SplashBitmap.cc). • http://bugs.gentoo.org/show_bug.cgi?id=263028#c16 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html http://poppler.freedesktop.org/releases.html http://secunia.com/advisories/34746 http://secunia.com/advisories/35064 http://secunia.com/advisories/35618 http://secunia.com/advisories/37028 http:// • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 5.0EPSS: 11%CPEs: 34EXPL: 2CVE-2009-0755 – Poppler 0.10.3 - Denial of Service
https://notcve.org/view.php?id=CVE-2009-0755
The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry. La funcion FormWidgetChoice::loadDefaults en Poppler anteriores v0.10.4 permite a atacantes remotos producir una denegacion de servicio (caida) a traves de un fichero PDF con una entrada "Form Opt" incorrecta. • https://www.exploit-db.com/exploits/32800 http://bugs.freedesktop.org/show_bug.cgi?id=19790 http://lists.freedesktop.org/archives/poppler/2009-January/004406.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/33853 http://secunia.com/advisories/35685 http://secunia.com/advisories/37114 http://wiki.rpath.com/Advisories:rPSA-2009-0059 http://www.debian.org/security/2009/dsa-1941 http://www.openwall.com/lists/oss-security& •
CVSS: 5.0EPSS: 5%CPEs: 34EXPL: 3CVE-2009-0756 – Poppler 0.10.3 - Denial of Service
https://notcve.org/view.php?id=CVE-2009-0756
The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference. La función JBIG2Stream::readSymbolDictSeg en Poppler anteriores a v0.10.4 permite a atacantes remotos producir una denegación de servicio (caída) a través de un fichero PDF que dispara un error de parseo, lo cual no adecuadamente manejado por JBIG2SymbolDict::~JBIG2SymbolDict y produce una desreferencia de memoria incorrecta. • https://www.exploit-db.com/exploits/32800 http://bugs.freedesktop.org/show_bug.cgi?id=19702 http://lists.freedesktop.org/archives/poppler/2009-January/004403.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/33853 http://secunia.com/advisories/35685 http://wiki.rpath.com/Advisories:rPSA-2009-0059 http://www.openwall.com/lists/oss-security/2009/02/13/1 http://www.openwall.com/lists/oss-security/2009/02/19/2 http& •