CVE-2009-0755 – Poppler 0.10.3 - Denial of Service
https://notcve.org/view.php?id=CVE-2009-0755
The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry. La funcion FormWidgetChoice::loadDefaults en Poppler anteriores v0.10.4 permite a atacantes remotos producir una denegacion de servicio (caida) a traves de un fichero PDF con una entrada "Form Opt" incorrecta. • https://www.exploit-db.com/exploits/32800 http://bugs.freedesktop.org/show_bug.cgi?id=19790 http://lists.freedesktop.org/archives/poppler/2009-January/004406.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/33853 http://secunia.com/advisories/35685 http://secunia.com/advisories/37114 http://wiki.rpath.com/Advisories:rPSA-2009-0059 http://www.debian.org/security/2009/dsa-1941 http://www.openwall.com/lists/oss-security& •
CVE-2009-0756 – Poppler 0.10.3 - Denial of Service
https://notcve.org/view.php?id=CVE-2009-0756
The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference. La función JBIG2Stream::readSymbolDictSeg en Poppler anteriores a v0.10.4 permite a atacantes remotos producir una denegación de servicio (caída) a través de un fichero PDF que dispara un error de parseo, lo cual no adecuadamente manejado por JBIG2SymbolDict::~JBIG2SymbolDict y produce una desreferencia de memoria incorrecta. • https://www.exploit-db.com/exploits/32800 http://bugs.freedesktop.org/show_bug.cgi?id=19702 http://lists.freedesktop.org/archives/poppler/2009-January/004403.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/33853 http://secunia.com/advisories/35685 http://wiki.rpath.com/Advisories:rPSA-2009-0059 http://www.openwall.com/lists/oss-security/2009/02/13/1 http://www.openwall.com/lists/oss-security/2009/02/19/2 http& •
CVE-2008-2950 – Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution
https://notcve.org/view.php?id=CVE-2008-2950
The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document. El destructor Page de Page.cc en libpoppler de Poppler 0.8.4 y anteriores, elimina el objeto pageWidgets incluso si éste no ha sido iniciado por un constructor Page, esto permite a atacantes remotos ejecutar código de su elección mediante un documento PDF manipulado. • https://www.exploit-db.com/exploits/6032 http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html http://secunia.com/advisories/30963 http://secunia.com/advisories/31002 http://secunia.com/advisories/31167 http://secunia.com/advisories/31267 http://secunia.com/advisories/31405 http://security.gentoo.org/glsa/glsa-200807-04.xml http://securityreason.com/securityalert/3977 http://wiki.rpath.com/Advisories:rPSA-2008-0223 http://www.mandriva.com/security/advisories? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2008-1693 – xpdf: embedded font vulnerability
https://notcve.org/view.php?id=CVE-2008-1693
The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object. La función CairoFont::create en CairoFontEngine.cc de Poppler, posiblemente anterior a 0.8.0, como se usa en Xpdf, Evince, ePDFview, KWord y otras aplicaciones, no maneja correctamente fuentes embebidas en archivos PDF, lo que permite a atacantes remotos ejecutar código de su elección a través de un objeto fuente manipulado, relacionado con referenciar un puntero de una función asociado con el tipo de este objeto fuente. • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://secunia.com/advisories/29816 http://secunia.com/advisories/29834 http://secunia.com/advisories/29836 http://secunia.com/advisories/29851 http://secunia.com/advisories/29853 http://secunia.com/advisories/29868 http://secunia.com/advisories/29869 http://secunia.com/advisories/29884 http://secunia.com/advisories/29885 http://secunia.com/advisories/30019 http://secunia.com/advisories/30033 http:// • CWE-20: Improper Input Validation •
CVE-2007-3387 – xpdf integer overflow
https://notcve.org/view.php?id=CVE-2007-3387
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. Un desbordamiento de enteros en la función StreamPredictor::StreamPredictor en xpdf versión 3.02, tal como es usado en (1) poppler anterior a versión 0.5.91, (2) gpdf anterior a versión 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, ( 6) PDFedit, y otros productos, podrían permitir que los atacantes remotos ejecuten código arbitrario por medio de un archivo PDF creado que causa un desbordamiento del búfer en la región stack de la memoria, en la función StreamPredictor::getNextLine. • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc http://bugs.gentoo.org/show_bug.cgi?id=187139 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194 http://osvdb.org/40127 http://secunia.com/advisories/26188 http://secunia.com/advisories/26251 http://secunia.com/advisories/26254 http://secunia.com/advisories/26255 http://secunia.com/advisories/26257 http://secunia.com/advisories/26278 • CWE-190: Integer Overflow or Wraparound •