CVE-2021-30860 – Apple Multiple Products Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-30860
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se ha solucionado un desbordamiento de enteros con una validación de entrada mejorada. • https://github.com/jeffssh/CVE-2021-30860 https://github.com/Levilutz/CVE-2021-30860 http://seclists.org/fulldisclosure/2021/Sep/25 http://seclists.org/fulldisclosure/2021/Sep/26 http://seclists.org/fulldisclosure/2021/Sep/27 http://seclists.org/fulldisclosure/2021/Sep/28 http://seclists.org/fulldisclosure/2021/Sep/38 http://seclists.org/fulldisclosure/2021/Sep/39 http://seclists.org/fulldisclosure/2021/Sep/40 http://seclists.org/fulldisclosure/2021/Sep/50 http://ww • CWE-190: Integer Overflow or Wraparound •
CVE-2010-0207
https://notcve.org/view.php?id=CVE-2010-0207
In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers. En xpdf, la tabla xref contiene un bucle infinito el cual permite a atacantes remotos causar una denegación de servicio (bloqueo de aplicación) en visualizadores de PDF basados ??en xpdf. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0207 https://security-tracker.debian.org/tracker/CVE-2010-0207 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2010-0206
https://notcve.org/view.php?id=CVE-2010-0206
xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects. xpdf, permite a atacantes remotos causar una denegación de servicio (desreferencia del puntero NULL y bloqueo) en la manera en que se procesan los objetos de flujo PDF de JBIG2. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0206 https://security-tracker.debian.org/tracker/CVE-2010-0206 • CWE-476: NULL Pointer Dereference •