CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2017-1000456
https://notcve.org/view.php?id=CVE-2017-1000456
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. freedesktop.org libpoppler 0.60.1 fracasa a la hora de validar límites en TextPool::addWord, lo que conduce a un desbordamiento de los cálculos posteriores. • https://bugs.freedesktop.org/show_bug.cgi?id=103116 https://lists.debian.org/debian-lts-announce/2018/01/msg00001.html https://www.debian.org/security/2018/dsa-4097 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2017-15565
https://notcve.org/view.php?id=CVE-2017-15565
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. En Poppler 0.59.0, existe una desreferencia de puntero NULL en la función GfxImageColorMap::getGrayLine() en GfxState.cc mediante un documento PDF manipulado. • https://bugs.freedesktop.org/show_bug.cgi?id=103016 https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html https://www.debian.org/security/2018/dsa-4079 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2017-14975
https://notcve.org/view.php?id=CVE-2017-14975
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack. La función FoFiType1C::convertToType0 en FoFiType1C.cc en Poppler 0.59.0 tiene una vulnerabilidad de desreferencia de puntero NULL porque una estructura de datos no se inicializa, lo que permite a un atacante provocar un ataque de denegación de servicio (DoS). • https://bugzilla.freedesktop.org/show_bug.cgi?id=102653 https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html https://www.debian.org/security/2018/dsa-4079 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2017-14976
https://notcve.org/view.php?id=CVE-2017-14976
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack. La función FoFiType1C::convertToType0 en FoFiType1C.cc en Poppler 0.59.0 puede sufrir una vulnerabilidad de sobrelectura de búfer basada en memoria dinámica (heap) si se utiliza una fuente que provoca una indexación fuera de la memoria, lo que permite a un atacante provocar un ataque de denegación de servicio (DoS). • https://bugzilla.freedesktop.org/show_bug.cgi?id=102724 https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html https://www.debian.org/security/2018/dsa-4079 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2017-14977
https://notcve.org/view.php?id=CVE-2017-14977
The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. La función FoFiTrueType::getCFFBlock en FoFiTrueType.cc en Poppler 0.59.0 tiene una vulnerabilidad de desreferencia de puntero NULL debida a la ausencia de validación de un puntero de tabla, lo que permite a un atacante provocar un ataque de denegación de servicio (DoS). • https://bugs.freedesktop.org/show_bug.cgi?id=103045 https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html https://www.debian.org/security/2018/dsa-4079 • CWE-476: NULL Pointer Dereference •