CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 1CVE-2017-14976 – Debian Security Advisory 4079-1
https://notcve.org/view.php?id=CVE-2017-14976
01 Oct 2017 — The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack. La función FoFiType1C::convertToType0 en FoFiType1C.cc en Poppler 0.59.0 puede sufrir una vulnerabilidad de sobrelectura de búfer basada en memoria dinámica (heap) si se utiliza una fuente que provoca una indexación fuera de la memoria, lo que permite a un atacante pr... • https://bugzilla.freedesktop.org/show_bug.cgi?id=102724 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2017-14977 – Debian Security Advisory 4079-1
https://notcve.org/view.php?id=CVE-2017-14977
01 Oct 2017 — The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. La función FoFiTrueType::getCFFBlock en FoFiTrueType.cc en Poppler 0.59.0 tiene una vulnerabilidad de desreferencia de puntero NULL debida a la ausencia de validación de un puntero de tabla, lo que permite a un atacante provocar un ataque de denegación de servicio (DoS). It was dis... • https://bugs.freedesktop.org/show_bug.cgi?id=103045 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-14926
https://notcve.org/view.php?id=CVE-2017-14926
29 Sep 2017 — In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document. En Poppler 0.59.0, existe una desreferencia de puntero NULL en AnnotRichMedia::Content::Content en Annot.cc mediante un documento PDF manipulado. • https://bugs.freedesktop.org/show_bug.cgi?id=102601 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14927
https://notcve.org/view.php?id=CVE-2017-14927
29 Sep 2017 — In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. En Poppler 0.59.0, existe una desreferencia de puntero NULL en la función SplashOutputDev::type3D0() en SplashOutputDev.cc mediante un documento PDF manipulado. • https://bugs.freedesktop.org/show_bug.cgi?id=102604 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-14928
https://notcve.org/view.php?id=CVE-2017-14928
29 Sep 2017 — In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. En Poppler 0.59.0, existe una desreferencia de puntero NULL en AnnotRichMedia::Configuration::Configuration en Annot.cc mediante un documento PDF manipulado. • https://bugs.freedesktop.org/show_bug.cgi?id=102607 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14929 – Debian Security Advisory 4097-1
https://notcve.org/view.php?id=CVE-2017-14929
29 Sep 2017 — In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519. En Poppler 0.59.0, ocurre una corrupción de memoria en una llamada a Object::dictLookup() en Object.h después de series repetitivas de llamadas a Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx:... • https://bugs.freedesktop.org/show_bug.cgi?id=102969 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14617
https://notcve.org/view.php?id=CVE-2017-14617
20 Sep 2017 — In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files. En Poppler 0.59.0, una excepción de punto flotante ocurre en la clase ImageStream en Stream.cc, lo que podría desembocar en un ataque al administrar archivos PDF maliciosos. • https://bugs.freedesktop.org/show_bug.cgi?id=102854 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14517 – Debian Security Advisory 4079-1
https://notcve.org/view.php?id=CVE-2017-14517
17 Sep 2017 — In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. En Poppler 0.59.0, existe una desreferencia de puntero NULL en la función XRef::parseEntry() en XRef.cc mediante un documento PDF manipulado. It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial service. This issue only affected Ubuntu 17.04. • http://www.securityfocus.com/bid/105050 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14518 – Debian Security Advisory 4079-1
https://notcve.org/view.php?id=CVE-2017-14518
17 Sep 2017 — In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document. En Poppler 0.59.0, existe una excepción de punto flotante en la función isImageInterpolationRequired() en Splash.cc mediante un documento PDF manipulado. Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file is processed. • https://bugs.freedesktop.org/show_bug.cgi?id=102688 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14519 – Debian Security Advisory 4079-1
https://notcve.org/view.php?id=CVE-2017-14519
17 Sep 2017 — In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). En Poppler 0.59.0, existe una corrupción de memoria en una llamada a Object::streamGetChar en Object.h después de repetir series de llamadas Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText y Gfx::doShowText (también conocida como bucle infinito en Gfx.cc). It was discovered that ... • https://bugs.freedesktop.org/show_bug.cgi?id=102701 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •