CVE-2015-8868 – poppler: heap buffer overflow in ExponentialFunction
https://notcve.org/view.php?id=CVE-2015-8868
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document. Desbordamiento de buffer basado en memoria dinámica en la función ExponentialFunction::ExponentialFunction en Poppler en versiones anteriores a 0.40.0 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída) o posiblemente ejecutar código arbitrario a través de un modo blend no válido en el diccionario ExtGState en un documento PDF manipulado. A heap-buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code when opened. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183107.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183142.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00068.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00077.html http://rhn.redhat.com/errata/RHSA-2016-2580.html http://www.debian.org/security/2016/dsa-3563 http://www.openwall.com/lists/oss-security/2016/04/12/1 http://www.securityfocus.com/bid/89324 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2010-5110
https://notcve.org/view.php?id=CVE-2010-5110
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file. DCTStream.cc en Poppler anterior a 0.13.3 permite a atacantes remotos causar una denegación de servicio (caída) a través de un fichero PDF manipulado. • http://cgit.freedesktop.org/poppler/poppler/commit/poppler/DCTStream.cc?id=fc071d800cb4329a3ccf898d7bf16b4db7323ad8 http://comments.gmane.org/gmane.comp.security.oss.general/11132 http://secunia.com/advisories/59857 https://bugs.freedesktop.org/show_bug.cgi?id=26280 https://www.suse.com/support/update/announcement/2014/suse-su-20140817-1.html • CWE-20: Improper Input Validation •
CVE-2013-4472
https://notcve.org/view.php?id=CVE-2013-4472
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. La función openTempFile en goo/gfile.cc en Xpdf y Poppler 0.24.3 y anteriores, cuando funciona en un sistema diferente a Unix, permite a usuarios locales sobrescribir archivos arbitrarios a través de un ataque symlink sobre archivos temporales con nombres previsibles. • http://osvdb.org/99064 http://poppler.freedesktop.org/releases.html http://seclists.org/oss-sec/2013/q4/181 http://seclists.org/oss-sec/2013/q4/183 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2013-7296
https://notcve.org/view.php?id=CVE-2013-7296
The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file. El método JBIG2Stream :: readSegments en JBIG2Stream.cc en Poppler antes de 0.24.5 no utiliza el especificador correcto dentro de una cadena de formato, que permite a atacantes dependientes de contexto provocar una denegación de servicio (fallo de segmentación y caída de aplicación) a través de un archivo PDF manipulado. • http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee39370283c494ee2e4e392fd3b684 http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125710.html http://seclists.org/oss-sec/2014/q1/105 http://seclists.org/oss-sec/2014/q1/97 http://secunia.com/advisories/56567 http://secunia.com/advisories/56776 http://security.gentoo.org/glsa/glsa-201401-21.xml https://bugzilla.redhat.com/show_bug.cgi?id=1048199 https://exchange.xforce.ibmcloud.com/vulnerabilities/90552 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-4474 – Poppler 0.14.3 - '/utils/pdfseparate.cc' Local Format String
https://notcve.org/view.php?id=CVE-2013-4474
Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename. Vulnerabilidad de formato de cadena en la función extractPages en utils/pdfseparate.cc de Poppler anterior a la versión 024.2 permite a atacantes remotos provocar una denegación de servicio (caída) a través de especificadores de cadena en un nombre de archivo de destino. • https://www.exploit-db.com/exploits/38817 http://bugs.debian.org/723124 http://cgit.freedesktop.org/poppler/poppler/commit/?id=61f79b8447c3ac8ab5a26e79e0c28053ffdccf75 http://secunia.com/advisories/56567 http://security.gentoo.org/glsa/glsa-201401-21.xml http://www.openwall.com/lists/oss-security/2013/10/29/1 http://www.securityfocus.com/bid/63374 http://www.ubuntu.com/usn/USN-2958-1 https://bugs.freedesktop.org/show_bug.cgi?id=69434 • CWE-20: Improper Input Validation •