Page 31 of 153 results (0.011 seconds)

CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0

CVE-2018-20650 – poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc

https://notcve.org/view.php?id=CVE-2018-20650

A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. Una aserción alcanzable en Object::dictLookup en Poppler 0.72.0 permite a los atacantes provocar una denegación de servicio (DoS) debido a la falta de comprobación del tipo de datos del directorio, tal y como queda demostrado con el uso de la clase FileSpec (en FileSpec.cc) en pdfdetach. • http://www.securityfocus.com/bid/106459 https://access.redhat.com/errata/RHSA-2019:2022 https://access.redhat.com/errata/RHSA-2019:2713 https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7 https://gitlab.freedesktop.org/poppler/poppler/issues/704 https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html https:/ • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •

CVSS: 7.5EPSS: 1%CPEs: 18EXPL: 0

CVE-2018-12121 – nodejs: Denial of Service with large HTTP headers

https://notcve.org/view.php?id=CVE-2018-12121

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer. Node.js: Todas las versiones anteriores a la 6.15.0, 8.14.0, 10.14.0 y 11.3.0: Denegación de servicio (DoS) con cabeceras HTTP grandes. Mediante la combinación de muchas peticiones con cabeceras de tamaño máximo (casi 80 KB por conexión) y al terminar a su debido tiempo las cabeceras, es posible provocar que el servidor HTTP aborte el fallo de asignación de memoria dinámica (heap). El potencial del ataque se ve mitigado por el uso de un balance de carga u otra capa del proxy. • http://www.securityfocus.com/bid/106043 https://access.redhat.com/errata/RHSA-2019:1821 https://access.redhat.com/errata/RHSA-2019:2258 https://access.redhat.com/errata/RHSA-2019:3497 https://nodejs.org/en/blog/vulnerability/november-2018-security-releases https://security.gentoo.org/glsa/202003-48 https://access.redhat.com/security/cve/CVE-2018-12121 https://bugzilla.redhat.com/show_bug.cgi?id=1661002 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 1

CVE-2018-18897 – poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc

https://notcve.org/view.php?id=CVE-2018-18897

An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. Se ha descubierto un problema en Poppler 0.71.0. Hay una fuga de memoria en GfxColorSpace::setDisplayProfile in GfxState.cc, tal y como queda demostrado con pdftocairo. • https://access.redhat.com/errata/RHSA-2019:2022 https://access.redhat.com/errata/RHSA-2019:2713 https://gitlab.freedesktop.org/poppler/poppler/issues/654 https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html https://usn.ubuntu.com/4042-1 https://access.redhat.com/security/cve/CVE-2018-18897 https://bugzilla.redhat.com/show_bug.cgi?id=1646546 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •