CVSS: 6.8EPSS: 2%CPEs: 64EXPL: 0CVE-2011-1553 – t1lib: Use-after-free via crafted Type 1 font
https://notcve.org/view.php?id=CVE-2011-1553
Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764. Vulnerabilidad liberar después de usar (use-after-free) en t1lib v5.1.2 y anteriores, utilizado en Xpdf anterior a v3.02pl6 y otros productos, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) mediante un documento PDF con una fuente Typo 1, generando una escritura inválida en memoria, una vulnerabilidad diferente a CVE-2011-0764. • http://rhn.redhat.com/errata/RHSA-2012-1201.html http://secunia.com/advisories/43823 http://secunia.com/advisories/48985 http://securityreason.com/securityalert/8171 http://securitytracker.com/id?1025266 http://www.foolabs.com/xpdf/download.html http://www.kb.cert.org/vuls/id/376500 http://www.kb.cert.org/vuls/id/MAPG-8ECL8X http://www.mandriva.com/security/advisories?name=MDVSA-2012:144 http://www.securityfocus.com/archive/1/517205/100/0/threaded http://www.to • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 6.8EPSS: 27%CPEs: 64EXPL: 0CVE-2011-0764 – t1lib: Invalid pointer dereference via crafted Type 1 font
https://notcve.org/view.php?id=CVE-2011-0764
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf. t1lib v5.1.2 y versiones anteriores, utilizado en Xpdf anterior a v3.02pl6 y otros productos, utiliza un puntero no válido en una operación de eliminación de referencias, permitiendo a atacantes remotos ejecutar código arbitrario a través de un fuente Tipo 1 manipulada en un documento PDF, como lo demuestra el testz.2184122398.pdf • http://rhn.redhat.com/errata/RHSA-2012-1201.html http://secunia.com/advisories/43823 http://secunia.com/advisories/47347 http://secunia.com/advisories/48985 http://securityreason.com/securityalert/8171 http://securitytracker.com/id?1025266 http://www.foolabs.com/xpdf/download.html http://www.kb.cert.org/vuls/id/376500 http://www.kb.cert.org/vuls/id/MAPG-8ECL8X http://www.mandriva.com/security/advisories?name=MDVSA-2012:002 http://www.mandriva.com/security/advisories? • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 75EXPL: 0CVE-2010-3704 – xpdf: array indexing error in FoFiType1::parse()
https://notcve.org/view.php?id=CVE-2010-3704
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption. La función FoFiType1::parse en fofi/FoFiType1.cc del parseador de PDF de xpdf antes de v3.02pl5, poppler v0.8.7 y posiblemente otras versiones hasta v0.15.1, kdegraphics, y posiblemente otros productos, permite a atacantes dependientes del contexto provocar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código arbitrario mediante un archivo PDF con una fuente Type1 modificada que contiene un índice de matriz negativo, el cual se salta la validación de entrada y que provoca una corrupción de memoria. • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html http://lists.fedoraproject.org/pipermail/package • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 43%CPEs: 67EXPL: 2CVE-2009-3604 – xpdf/poppler: Splash:: drawImage integer overflow and missing allocation return value check
https://notcve.org/view.php?id=CVE-2009-3604
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow. Desbordamiento de entero en la función Splash.cc en Xpdf v3.02pl4 y Poppler v0.x, usado en n kdegraphics KPDF y GPdf, no asigna la memoria adecuadamente, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) y probablemente, la ejecución de código de su elección a través de un documento PDF manipulado que provoca un deferencia a puntero nulo o un desbordamiento de búfer basado en memoria dinámica (heap). • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2 http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996&id2=75c3466ba2 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html http://lists.opensuse.org/opensuse-security-announce/2009-11/ • CWE-190: Integer Overflow or Wraparound CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 0%CPEs: 36EXPL: 0CVE-2009-0165
https://notcve.org/view.php?id=CVE-2009-0165
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn." Desbordamiento de entero en el decodificador JBIG2 en Xpdf v3.02p12 y anteriores, como se utiliza en Poppler y otros productos, cuando corre en Mac OS X, tiene un impacto desconocido, relacionado con "g*allocn." • http://bugs.gentoo.org/show_bug.cgi?id=263028 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/34852 http://secunia.com/advisories/34959 http:&# • CWE-189: Numeric Errors •