Page 4 of 59 results (0.009 seconds)

CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0

Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. Un desbordamiento de búfer basado en pila en JBIG2Stream.cc en pdftocairo en Poppler en versiones anteriores a la 0.56 permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) mediante un documento PDF modificado. A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. • http://www.securityfocus.com/bid/99241 https://access.redhat.com/errata/RHSA-2017:2551 https://bugs.freedesktop.org/show_bug.cgi?id=101540 https://www.debian.org/security/2018/dsa-4079 https://access.redhat.com/security/cve/CVE-2017-9775 https://bugzilla.redhat.com/show_bug.cgi?id=1466442 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. poppler hasta versión 0.55.0, es vulnerable a una recursión no controlada en pdfunite resultando en una potencial denegación de servicio. • https://bugs.freedesktop.org/show_bug.cgi?id=101208 • CWE-674: Uncontrolled Recursion •

CVSS: 5.5EPSS: 0%CPEs: 79EXPL: 0

poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents. poppler desde versión 0.17.3, ha sido vulnerable a una desreferencia del puntero NULL en pdfunite desencadenada por documentos especialmente diseñados. • https://cgit.freedesktop.org/poppler/poppler/commit/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a https://security.gentoo.org/glsa/201801-17 • CWE-476: NULL Pointer Dereference •

CVSS: 9.3EPSS: 3%CPEs: 6EXPL: 0

Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document. Desbordamiento de buffer basado en memoria dinámica en la función ExponentialFunction::ExponentialFunction en Poppler en versiones anteriores a 0.40.0 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída) o posiblemente ejecutar código arbitrario a través de un modo blend no válido en el diccionario ExtGState en un documento PDF manipulado. A heap-buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code when opened. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183107.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183142.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00068.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00077.html http://rhn.redhat.com/errata/RHSA-2016-2580.html http://www.debian.org/security/2016/dsa-3563 http://www.openwall.com/lists/oss-security/2016/04/12/1 http://www.securityfocus.com/bid/89324 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1

DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file. DCTStream.cc en Poppler anterior a 0.13.3 permite a atacantes remotos causar una denegación de servicio (caída) a través de un fichero PDF manipulado. • http://cgit.freedesktop.org/poppler/poppler/commit/poppler/DCTStream.cc?id=fc071d800cb4329a3ccf898d7bf16b4db7323ad8 http://comments.gmane.org/gmane.comp.security.oss.general/11132 http://secunia.com/advisories/59857 https://bugs.freedesktop.org/show_bug.cgi?id=26280 https://www.suse.com/support/update/announcement/2014/suse-su-20140817-1.html • CWE-20: Improper Input Validation •