Page 24 of 140 results (0.040 seconds)

CVSS: 6.8EPSS: 5%CPEs: 154EXPL: 0

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. El decodificador JBIG2 en Xpdf versión 3.02 PL2 y anteriores, CUPS versión 1.3.9 y anteriores, Poppler versión anterior a 0.10.6, y otros productos, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo PDF creado que desencadena una liberación de datos no válidos. • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://poppler.freedesktop.org/releases.html http://rhn.redhat.com/errata/RHSA-2009-0458.html http://secunia.com/advisories/34291 http://secunia.com/advisories/34481 http://secunia.com/advisories/34746 http://secunia.com/advisories/34755 http://secunia.com/advisories&#x • CWE-399: Resource Management Errors •

CVSS: 6.8EPSS: 2%CPEs: 106EXPL: 0

Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. Múltiples desbordamientos del búfer en el decodificador JBIG2 en Xpdf versión 3.02 PL2 y anteriores, CUPS versión 1.3.9 y anteriores, y otros productos permiten a los atacantes remotos causar una denegación de servicio (bloqueo) por medio de un archivo PDF creado, relacionado a (1) JBIG2SymbolDict::setBitmap y (2) JBIG2Stream::readSymbolDictSeg. • http://bugs.gentoo.org/show_bug.cgi?id=263028 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://rhn.redhat.com/errata/RHSA-2009-0458.html http://secunia.com/advisori • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.9EPSS: 0%CPEs: 33EXPL: 0

Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library. Vulnerabilidad de ruta de búsqueda no confiable en el paquete Gentoo de Xpdf anteriores a v3.02-r2, permite a usuarios locales obtener privilegios a través de un troyano (fichero xpdfrc) en el directorio de trabajo actual, relativo a la macro SYSTEM_XPDFRC no fijada en el proceso de construcción Gentoo, que usa la biblioteca poppler. • http://bugs.gentoo.org/show_bug.cgi?id=200023 http://bugs.gentoo.org/show_bug.cgi?id=242930 http://osvdb.org/53529 http://secunia.com/advisories/34610 http://security.gentoo.org/glsa/glsa-200904-07.xml http://www.securityfocus.com/bid/34401 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 15%CPEs: 1EXPL: 0

Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow. Un desbordamiento de enteros en el método DCTStream::reset en el archivo xpdf/Stream.cc en Xpdf versión 3.02p11, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo PDF diseñado, resultando en un desbordamiento de búfer en la región heap de la memoria. • http://secunia.com/advisories/26503 http://secunia.com/advisories/27260 http://secunia.com/advisories/27553 http://secunia.com/advisories/27573 http://secunia.com/advisories/27574 http://secunia.com/advisories/27575 http://secunia.com/advisories/27577 http://secunia.com/advisories/27578 http://secunia.com/advisories/27599 http://secunia.com/advisories/27615 http://secunia.com/advisories/27618 http://secunia.com/advisories/27619 http://secunia.com/advisories/27632 http:/& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.6EPSS: 17%CPEs: 1EXPL: 0

Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file. Un error de índice de matriz en el método DCTStream::readProgressiveDataUnit en el archivo xpdf/Stream.cc en Xpdf versión 3.02pl1, tal y como es usado en poppler, teTeX, KDE, KOffice, CUPS y otros productos, permite a atacantes remotos desencadenar corrupción de memoria y ejecutar código arbitrario por medio de un archivo PDF diseñado. • http://secunia.com/advisories/26503 http://secunia.com/advisories/27260 http://secunia.com/advisories/27553 http://secunia.com/advisories/27573 http://secunia.com/advisories/27574 http://secunia.com/advisories/27575 http://secunia.com/advisories/27577 http://secunia.com/advisories/27578 http://secunia.com/advisories/27599 http://secunia.com/advisories/27615 http://secunia.com/advisories/27618 http://secunia.com/advisories/27619 http://secunia.com/advisories/27632 http:/& •