CVSS: 5.0EPSS: 11%CPEs: 34EXPL: 2CVE-2009-0755 – Poppler 0.10.3 - Denial of Service
https://notcve.org/view.php?id=CVE-2009-0755
The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry. La funcion FormWidgetChoice::loadDefaults en Poppler anteriores v0.10.4 permite a atacantes remotos producir una denegacion de servicio (caida) a traves de un fichero PDF con una entrada "Form Opt" incorrecta. • https://www.exploit-db.com/exploits/32800 http://bugs.freedesktop.org/show_bug.cgi?id=19790 http://lists.freedesktop.org/archives/poppler/2009-January/004406.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/33853 http://secunia.com/advisories/35685 http://secunia.com/advisories/37114 http://wiki.rpath.com/Advisories:rPSA-2009-0059 http://www.debian.org/security/2009/dsa-1941 http://www.openwall.com/lists/oss-security& •
CVSS: 5.0EPSS: 5%CPEs: 34EXPL: 3CVE-2009-0756 – Poppler 0.10.3 - Denial of Service
https://notcve.org/view.php?id=CVE-2009-0756
The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference. La función JBIG2Stream::readSymbolDictSeg en Poppler anteriores a v0.10.4 permite a atacantes remotos producir una denegación de servicio (caída) a través de un fichero PDF que dispara un error de parseo, lo cual no adecuadamente manejado por JBIG2SymbolDict::~JBIG2SymbolDict y produce una desreferencia de memoria incorrecta. • https://www.exploit-db.com/exploits/32800 http://bugs.freedesktop.org/show_bug.cgi?id=19702 http://lists.freedesktop.org/archives/poppler/2009-January/004403.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/33853 http://secunia.com/advisories/35685 http://wiki.rpath.com/Advisories:rPSA-2009-0059 http://www.openwall.com/lists/oss-security/2009/02/13/1 http://www.openwall.com/lists/oss-security/2009/02/19/2 http& •
CVSS: 7.5EPSS: 32%CPEs: 1EXPL: 1CVE-2008-2950 – Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution
https://notcve.org/view.php?id=CVE-2008-2950
The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document. El destructor Page de Page.cc en libpoppler de Poppler 0.8.4 y anteriores, elimina el objeto pageWidgets incluso si éste no ha sido iniciado por un constructor Page, esto permite a atacantes remotos ejecutar código de su elección mediante un documento PDF manipulado. • https://www.exploit-db.com/exploits/6032 http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html http://secunia.com/advisories/30963 http://secunia.com/advisories/31002 http://secunia.com/advisories/31167 http://secunia.com/advisories/31267 http://secunia.com/advisories/31405 http://security.gentoo.org/glsa/glsa-200807-04.xml http://securityreason.com/securityalert/3977 http://wiki.rpath.com/Advisories:rPSA-2008-0223 http://www.mandriva.com/security/advisories? • CWE-94: Improper Control of Generation of Code ('Code Injection') •