CVSS: 5.5EPSS: 1%CPEs: 154EXPL: 0CVE-2009-1181 – PDF JBIG2 NULL dereference
https://notcve.org/view.php?id=CVE-2009-1181
16 Apr 2009 — The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. El decodificador JBIG2 en Xpdf versión 3.02 PL2 y anteriores, CUPS versión 1.3.9 y anteriores, Poppler versión anterior a 0.10.6, y otros productos, permite a los atacantes remotos causar una denegación de servicio (bloqueo) por medio de un archivo PDF creado que desencade... • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html • CWE-399: Resource Management Errors CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 3%CPEs: 154EXPL: 0CVE-2009-1182 – PDF JBIG2 MMR decoder buffer overflows
https://notcve.org/view.php?id=CVE-2009-1182
16 Apr 2009 — Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. Múltiples desbordamientos del búfer en el decodificador JBIG2 MMR en Xpdf versión 3.02 PL2 y anteriores, CUPS versión 1.3.9 y anteriores, Poppler versión anterior a 0.10.6, y otros productos, permiten a los atacantes remotos ejecutar código arbitrario por medio de un archivo PDF creado. Multi... • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 1%CPEs: 154EXPL: 0CVE-2009-1183 – PDF JBIG2 MMR infinite loop DoS
https://notcve.org/view.php?id=CVE-2009-1183
16 Apr 2009 — The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. El decodificador JBIG2 MMR en Xpdf versión 3.02 PL2 y anteriores, CUPS versión 1.3.9 y anteriores, Poppler versión anterior a 0.10.6, y otros productos permite a los atacantes remotos causar una denegación de servicio (bucle infinito y colgar) por medio de un archivo PDF creado. Multiple secu... • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.8EPSS: 2%CPEs: 106EXPL: 0CVE-2009-0146 – xpdf: Multiple buffer overflows in JBIG2 decoder (setBitmap, readSymbolDictSeg) (CVE-2009-0195)
https://notcve.org/view.php?id=CVE-2009-0146
16 Apr 2009 — Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. Múltiples desbordamientos del búfer en el decodificador JBIG2 en Xpdf versión 3.02 PL2 y anteriores, CUPS versión 1.3.9 y anteriores, y otros productos permiten a los atacantes remotos causar una denegación de servicio (bloqueo... • http://bugs.gentoo.org/show_bug.cgi?id=263028 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 2%CPEs: 106EXPL: 0CVE-2009-0147 – xpdf: Multiple integer overflows in JBIG2 decoder
https://notcve.org/view.php?id=CVE-2009-0147
16 Apr 2009 — Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. Múltiples desbordamientos enteros en el decodificador JBIG2 en Xpdf versión 3.02 PL2 y anteriores, CUPS versión 1.3.9 y anterior, y otros productos permiten a los atacantes remotos caus... • http://bugs.gentoo.org/show_bug.cgi?id=263028 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 5%CPEs: 154EXPL: 0CVE-2009-0166 – xpdf: Freeing of potentially uninitialized memory in JBIG2 decoder
https://notcve.org/view.php?id=CVE-2009-0166
16 Apr 2009 — The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. El decodificador JBIG2 en Xpdf versión 3.02 PL2 y anteriores, CUPS versión 1.3.9 y anteriores, y otros productos permite a los atacantes remotos causar una denegación de servicio (bloqueo) por medio de un archivo PDF creado que desencadena una liberación de memoria no inicializada. Will Dorm... • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html • CWE-399: Resource Management Errors •
CVSS: 7.3EPSS: 0%CPEs: 33EXPL: 0CVE-2009-1144 – Gentoo Linux Security Advisory 200904-7
https://notcve.org/view.php?id=CVE-2009-1144
07 Apr 2009 — Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library. Vulnerabilidad de ruta de búsqueda no confiable en el paquete Gentoo de Xpdf anteriores a v3.02-r2, permite a usuarios locales obtener privilegios a través de un troyano (fichero xpdfrc) en el directorio de trabajo actual, relativo... • http://bugs.gentoo.org/show_bug.cgi?id=200023 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 3%CPEs: 39EXPL: 0CVE-2006-1244
https://notcve.org/view.php?id=CVE-2006-1244
15 Mar 2006 — Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE... • http://secunia.com/advisories/18948 •
CVSS: 9.1EPSS: 3%CPEs: 15EXPL: 0CVE-2005-3191 – KDE Security Advisory 2005-12-07.1
https://notcve.org/view.php?id=CVE-2005-3191
07 Dec 2005 — Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps),... • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 3%CPEs: 15EXPL: 0CVE-2005-3193 – KDE Security Advisory 2005-12-07.1
https://notcve.org/view.php?id=CVE-2005-3193
07 Dec 2005 — Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. Local exploitation of a heap-based buffer overflow vulnerability i... • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •