CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2017-9776 – poppler: Integer overflow in JBIG2Stream.cc
https://notcve.org/view.php?id=CVE-2017-9776
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. Un desbordamiento de enteros que conduce a un desbordamiento de búfer basado en memoria dinámica (heap) en JBIG2Stream.cc en pdftocairo en Poppler en versiones anteriores a la 0.56 permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) o, posiblemente, cualquier otro tipo de problema mediante un documento PDF modificado. An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. • http://www.securityfocus.com/bid/99240 https://access.redhat.com/errata/RHSA-2017:2550 https://access.redhat.com/errata/RHSA-2017:2551 https://bugs.freedesktop.org/show_bug.cgi?id=101541 https://www.debian.org/security/2018/dsa-4079 https://access.redhat.com/security/cve/CVE-2017-9776 https://bugzilla.redhat.com/show_bug.cgi?id=1466443 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7515
https://notcve.org/view.php?id=CVE-2017-7515
poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. poppler hasta versión 0.55.0, es vulnerable a una recursión no controlada en pdfunite resultando en una potencial denegación de servicio. • https://bugs.freedesktop.org/show_bug.cgi?id=101208 • CWE-674: Uncontrolled Recursion •
CVSS: 5.5EPSS: 0%CPEs: 79EXPL: 0CVE-2017-7511
https://notcve.org/view.php?id=CVE-2017-7511
poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents. poppler desde versión 0.17.3, ha sido vulnerable a una desreferencia del puntero NULL en pdfunite desencadenada por documentos especialmente diseñados. • https://cgit.freedesktop.org/poppler/poppler/commit/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a https://security.gentoo.org/glsa/201801-17 • CWE-476: NULL Pointer Dereference •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4472
https://notcve.org/view.php?id=CVE-2013-4472
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. La función openTempFile en goo/gfile.cc en Xpdf y Poppler 0.24.3 y anteriores, cuando funciona en un sistema diferente a Unix, permite a usuarios locales sobrescribir archivos arbitrarios a través de un ataque symlink sobre archivos temporales con nombres previsibles. • http://osvdb.org/99064 http://poppler.freedesktop.org/releases.html http://seclists.org/oss-sec/2013/q4/181 http://seclists.org/oss-sec/2013/q4/183 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.0EPSS: 1%CPEs: 84EXPL: 0CVE-2013-7296
https://notcve.org/view.php?id=CVE-2013-7296
The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file. El método JBIG2Stream :: readSegments en JBIG2Stream.cc en Poppler antes de 0.24.5 no utiliza el especificador correcto dentro de una cadena de formato, que permite a atacantes dependientes de contexto provocar una denegación de servicio (fallo de segmentación y caída de aplicación) a través de un archivo PDF manipulado. • http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee39370283c494ee2e4e392fd3b684 http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125710.html http://seclists.org/oss-sec/2014/q1/105 http://seclists.org/oss-sec/2014/q1/97 http://secunia.com/advisories/56567 http://secunia.com/advisories/56776 http://security.gentoo.org/glsa/glsa-201401-21.xml https://bugzilla.redhat.com/show_bug.cgi?id=1048199 https://exchange.xforce.ibmcloud.com/vulnerabilities/90552 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •