CVSS: 4.3EPSS: 1%CPEs: 61EXPL: 3CVE-2009-3609 – xpdf/poppler: ImageStream:: ImageStream integer overflow
https://notcve.org/view.php?id=CVE-2009-3609
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read. Desbordamiento de entero en la función ImageStream::ImageStream en Stream.cc en Xpdf v3.02pl4 y Poppler v0.12.1, usado en GPdf, kdegraphics KPDF, y CUPS pdftops, permite a atacantes remotsos provocar una denegación de servicio (caída de aplicación) a través de un documento PDF manipulado que provoca un deferencia a puntero nulo o un desbordamiento de búfer fuera del límite (over-read). • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://poppler.freedesktop.org http://secunia.com/advisories/37023 http://secunia.com/advisories/37028 http://secunia.com/advi • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 2%CPEs: 154EXPL: 0CVE-2009-1183 – PDF JBIG2 MMR infinite loop DoS
https://notcve.org/view.php?id=CVE-2009-1183
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. El decodificador JBIG2 MMR en Xpdf versión 3.02 PL2 y anteriores, CUPS versión 1.3.9 y anteriores, Poppler versión anterior a 0.10.6, y otros productos permite a los atacantes remotos causar una denegación de servicio (bucle infinito y colgar) por medio de un archivo PDF creado. • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://poppler.freedesktop.org/releases.html http://rhn.redhat.com/errata/RHSA-2009-0458.html http://secunia.com/advisories/34291 http://secunia.com/advisories/34481 http://secunia.com/advisories/34746 http://secunia.com/advisories/34755 http://secunia.com/advisories&#x • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.8EPSS: 22%CPEs: 154EXPL: 0CVE-2009-1179 – PDF JBIG2 integer overflow
https://notcve.org/view.php?id=CVE-2009-1179
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file. Desbordamiento de enteros en el decodificador JBIG2 en Xpdf versión 3.02 PL2 y anteriores, CUPS versión 1.3.9 y anteriores, Poppler versión anterior a 0.10.6, y otros productos permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo PDF creado. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://poppler.freedesktop.org/releases.html http://rhn.redhat.com/errata/RHSA-2009-0458.html http://secunia.com/advisories/34291 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 2%CPEs: 154EXPL: 0CVE-2009-0166 – xpdf: Freeing of potentially uninitialized memory in JBIG2 decoder
https://notcve.org/view.php?id=CVE-2009-0166
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. El decodificador JBIG2 en Xpdf versión 3.02 PL2 y anteriores, CUPS versión 1.3.9 y anteriores, y otros productos permite a los atacantes remotos causar una denegación de servicio (bloqueo) por medio de un archivo PDF creado que desencadena una liberación de memoria no inicializada. • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://rhn.redhat.com/errata/RHSA-2009-0458.html http://secunia.com/advisories/34291 http://secunia.com/advisories/34481 http://secunia.com/advisories/34755 http://secunia.com/advisories/34756 http://secunia.com/advisories/34852 http://secunia.com/advisories/34959 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 16%CPEs: 48EXPL: 0CVE-2009-1187 – poppler CairoOutputDev integer overflow
https://notcve.org/view.php?id=CVE-2009-1187
Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc). Desbordamiento de entero en la característica JBIG2 decoding en Poppler anteriores a v0.10.6 permite a atacantes remotos producir una denegación de servicio (caida) y posiblemente ejecutar código a través de vectores relacionados con CairoOutputDev (CairoOutputDev.cc). • http://bugs.gentoo.org/show_bug.cgi?id=263028#c16 http://poppler.freedesktop.org/releases.html http://secunia.com/advisories/34746 http://secunia.com/advisories/35064 http://secunia.com/advisories/35618 http://wiki.rpath.com/Advisories:rPSA-2009-0059 http://www.kb.cert.org/vuls/id/196617 http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 http://www.redhat.com/support/errata/RHSA-2009-0480.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •