Page 13 of 135 results (0.004 seconds)

CVSS: 6.5EPSS: 1%CPEs: 7EXPL: 1

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected. Hay una desreferencia de puntero NULL en la función AnnotPath::getCoordsLength en Annot.h en un paquete de Ubuntu para Poppler 0.24.5. Se podría realizar un ataque de denegación de servicio remoto con una entrada especialmente manipulada. • https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3140 https://access.redhat.com/errata/RHSA-2018:3505 https://bugs.freedesktop.org/show_bug.cgi?id=106408 https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html https://usn.ubuntu.com/3647-1 https://access.redhat.com/security/cve/CVE-2018-10768 https://bugzilla.redhat.com/show_bug.cgi?id=1576169 • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux. Se ha descubierto que no se respeta la política system umask cuando se crean directorios de usuarios XDG, ya que Xsession obtiene xdg-user-dirs.sh antes de establecer la política umask. Esto solo afecta a xdg-user-dirs en versiones anteriores a la 0.15.5, tal y como se incluye en Red Hat Enterprise Linux. It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. • https://access.redhat.com/errata/RHSA-2018:0842 https://bugzilla.redhat.com/show_bug.cgi?id=1412762 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://access.redhat.com/security/cve/CVE-2017-15131 https://bugzilla.redhat.com/show_bug.cgi?id=1455094 • CWE-266: Incorrect Privilege Assignment CWE-276: Incorrect Default Permissions CWE-284: Improper Access Control •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1

freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. freedesktop.org libpoppler 0.60.1 fracasa a la hora de validar límites en TextPool::addWord, lo que conduce a un desbordamiento de los cálculos posteriores. • https://bugs.freedesktop.org/show_bug.cgi?id=103116 https://lists.debian.org/debian-lts-announce/2018/01/msg00001.html https://www.debian.org/security/2018/dsa-4097 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1

In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. En Poppler 0.59.0, existe una desreferencia de puntero NULL en la función GfxImageColorMap::getGrayLine() en GfxState.cc mediante un documento PDF manipulado. • https://bugs.freedesktop.org/show_bug.cgi?id=103016 https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html https://www.debian.org/security/2018/dsa-4079 • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1

The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack. La función FoFiType1C::convertToType0 en FoFiType1C.cc en Poppler 0.59.0 tiene una vulnerabilidad de desreferencia de puntero NULL porque una estructura de datos no se inicializa, lo que permite a un atacante provocar un ataque de denegación de servicio (DoS). • https://bugzilla.freedesktop.org/show_bug.cgi?id=102653 https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html https://www.debian.org/security/2018/dsa-4079 • CWE-476: NULL Pointer Dereference •