Page 25 of 156 results (0.034 seconds)

CVSS: 5.0EPSS: 0%CPEs: 127EXPL: 1

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-399: Resource Management Errors •

CVSS: 10.0EPSS: 0%CPEs: 127EXPL: 1

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 1%CPEs: 127EXPL: 1

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-189: Numeric Errors •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations. • http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html http://matt.ucc.asn.au/dropbear/dropbear.html http://secunia.com/advisories/18108 http://secunia.com/advisories/18109 http://secunia.com/advisories/18142 http://www.debian.org/security/2005/dsa-923 http://www.gentoo.org/security/en/glsa/glsa-200512-13.xml http://www.securityfocus.com/bid/15923 http://www.vupen.com/english/advisories/2005/2962 •

CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 0

Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl. • http://lists.immunitysec.com/pipermail/dailydave/2005-November/002685.html http://secunia.com/advisories/17749 http://secunia.com/advisories/17817 http://secunia.com/advisories/17878 http://secunia.com/advisories/17942 http://secunia.com/advisories/18101 http://secunia.com/advisories/22556 http://www.debian.org/security/2006/dsa-1199 http://www.dyadsecurity.com/webmin-0001.html http://www.gentoo.org/security/en/glsa/glsa-200512-02.xml http://www.mandriva.com/security/advisori •