CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2017-9776 – poppler: Integer overflow in JBIG2Stream.cc
https://notcve.org/view.php?id=CVE-2017-9776
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. Un desbordamiento de enteros que conduce a un desbordamiento de búfer basado en memoria dinámica (heap) en JBIG2Stream.cc en pdftocairo en Poppler en versiones anteriores a la 0.56 permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) o, posiblemente, cualquier otro tipo de problema mediante un documento PDF modificado. An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. • http://www.securityfocus.com/bid/99240 https://access.redhat.com/errata/RHSA-2017:2550 https://access.redhat.com/errata/RHSA-2017:2551 https://bugs.freedesktop.org/show_bug.cgi?id=101541 https://www.debian.org/security/2018/dsa-4079 https://access.redhat.com/security/cve/CVE-2017-9776 https://bugzilla.redhat.com/show_bug.cgi?id=1466443 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7515
https://notcve.org/view.php?id=CVE-2017-7515
poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. poppler hasta versión 0.55.0, es vulnerable a una recursión no controlada en pdfunite resultando en una potencial denegación de servicio. • https://bugs.freedesktop.org/show_bug.cgi?id=101208 • CWE-674: Uncontrolled Recursion •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2010-5110
https://notcve.org/view.php?id=CVE-2010-5110
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file. DCTStream.cc en Poppler anterior a 0.13.3 permite a atacantes remotos causar una denegación de servicio (caída) a través de un fichero PDF manipulado. • http://cgit.freedesktop.org/poppler/poppler/commit/poppler/DCTStream.cc?id=fc071d800cb4329a3ccf898d7bf16b4db7323ad8 http://comments.gmane.org/gmane.comp.security.oss.general/11132 http://secunia.com/advisories/59857 https://bugs.freedesktop.org/show_bug.cgi?id=26280 https://www.suse.com/support/update/announcement/2014/suse-su-20140817-1.html • CWE-20: Improper Input Validation •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4472
https://notcve.org/view.php?id=CVE-2013-4472
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. La función openTempFile en goo/gfile.cc en Xpdf y Poppler 0.24.3 y anteriores, cuando funciona en un sistema diferente a Unix, permite a usuarios locales sobrescribir archivos arbitrarios a través de un ataque symlink sobre archivos temporales con nombres previsibles. • http://osvdb.org/99064 http://poppler.freedesktop.org/releases.html http://seclists.org/oss-sec/2013/q4/181 http://seclists.org/oss-sec/2013/q4/183 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.0EPSS: 1%CPEs: 84EXPL: 0CVE-2013-7296
https://notcve.org/view.php?id=CVE-2013-7296
The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file. El método JBIG2Stream :: readSegments en JBIG2Stream.cc en Poppler antes de 0.24.5 no utiliza el especificador correcto dentro de una cadena de formato, que permite a atacantes dependientes de contexto provocar una denegación de servicio (fallo de segmentación y caída de aplicación) a través de un archivo PDF manipulado. • http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee39370283c494ee2e4e392fd3b684 http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125710.html http://seclists.org/oss-sec/2014/q1/105 http://seclists.org/oss-sec/2014/q1/97 http://secunia.com/advisories/56567 http://secunia.com/advisories/56776 http://security.gentoo.org/glsa/glsa-201401-21.xml https://bugzilla.redhat.com/show_bug.cgi?id=1048199 https://exchange.xforce.ibmcloud.com/vulnerabilities/90552 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •