CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2012-2142 – Slackware Security Advisory - xpdf Updates
https://notcve.org/view.php?id=CVE-2012-2142
23 Aug 2013 — The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. La función error en el archivo Error.cc en poppler versiones anteriores a 0.21.4, permite a atacantes remotos ejecutar comandos arbitrarios por medio de un PDF que contiene una secuencia de escape para un emulador terminal. New xpdf packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security... • http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40 •
CVSS: 8.8EPSS: 5%CPEs: 1EXPL: 5CVE-2013-1788 – Gentoo Linux Security Advisory 201310-03
https://notcve.org/view.php?id=CVE-2013-1788
09 Apr 2013 — poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc. poppler anterior a v0.22.1 permite a atacantes dependientes de contexto provocar una denegación de servicio (caída) y, posiblemente, ejecutar código de su elección a través de vectores que disparan un "acceso de memoria invalida" en (1) splash/Splash.cc... • http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=0388837f01bc467045164f9ddaff787000a8caaa • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 2CVE-2013-1789 – Gentoo Linux Security Advisory 201310-03
https://notcve.org/view.php?id=CVE-2013-1789
09 Apr 2013 — splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions. splash/Splash.cc en poppler anterior a v0.22.1 permite a atacantes dependientes de contexto provocar una denegación de servicio (referencia NULL y caída de la aplicación) a través de vectores relacionados con las funciones (1) Splash::arbitrar... • http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2013-1790 – Gentoo Linux Security Advisory 201310-03
https://notcve.org/view.php?id=CVE-2013-1790
09 Apr 2013 — poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function. poppler/Stream.cc en poppler anterior a 0.22.1 permite a atacantes dependientes de contexto tener un impacto no especificado a través de vectores que provocan una lectura de memoria no inicializada por la función CCITTFaxStream::lookChar Multiple vulnerabilities have been found in Poppler, some of which m... • http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=b1026b5978c385328f2a15a2185c599a563edf91 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 6%CPEs: 29EXPL: 0CVE-2010-3702 – xpdf: uninitialized Gfx::parser pointer dereference
https://notcve.org/view.php?id=CVE-2010-3702
05 Nov 2010 — The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. La función Gfx::getPos en el analizador PDF en Xpdf versión anterior a 3.02 PL5, Poppler versión 0.8.7 y posiblemente otras versiones hasta la 0.15.1, CUPS, kdegraphics, y posiblemente otros producto... • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch • CWE-476: NULL Pointer Dereference •
CVSS: 6.8EPSS: 1%CPEs: 35EXPL: 0CVE-2010-3703 – poppler: use of initialized pointer in PostScriptFunction
https://notcve.org/view.php?id=CVE-2010-3703
05 Nov 2010 — The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference. La función PostScriptFunction::PostScriptFunction en poppler/Function.cc en el analizador de PDF de poppler v0.8.7 y posiblemente otras versiones hasta v0.15.1, y posiblemente otros, permite p... • http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 4%CPEs: 75EXPL: 0CVE-2010-3704 – xpdf: array indexing error in FoFiType1::parse()
https://notcve.org/view.php?id=CVE-2010-3704
05 Nov 2010 — The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption. La función FoFiType1::parse en fofi/FoFiType1.cc del parsead... • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 2CVE-2009-3938 – Gentoo Linux Security Advisory 201310-03
https://notcve.org/view.php?id=CVE-2009-3938
13 Nov 2009 — Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev.cc in Poppler (aka libpoppler) 0.10.6, 0.12.0, and possibly other versions, as used by the Abiword pdftoabw utility, allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PDF file. Desbordamiento de búfer en la función ABWOutputDev::endWord en poppler/ABWOutputDev.cc en Poppler (alias libpoppler) 0.10.6, 0.12.0 y posiblemente otras versiones, tal como se usa en la util... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534680 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 4%CPEs: 48EXPL: 0CVE-2009-3605 – Gentoo Linux Security Advisory 201310-03
https://notcve.org/view.php?id=CVE-2009-3605
02 Nov 2009 — Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791. Múltiples desbordamientos de... • http://cgit.freedesktop.org/poppler/poppler/commit/?id=284a92899602daa4a7f429e61849e794569310b5 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 6%CPEs: 58EXPL: 1CVE-2009-3603 – xpdf/poppler: SplashBitmap:: SplashBitmap integer overflow
https://notcve.org/view.php?id=CVE-2009-3603
21 Oct 2009 — Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188. Desbordamiento de entero en la función SplashBitmap::SplashBitmap en Xpdf v3.x anterior a v3.02pl4 y Poppler anteior a ... • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •