Page 6 of 55 results (0.004 seconds)

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1

There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a denial of service. Se presenta una vulnerabilidad de lectura fuera de límites en la función FlateStream::getChar() ubicada en el archivo Stream.cc en Xpdf versión 4.01.01. Por ejemplo, puede activarse enviando un documento PDF creado para la herramienta pdftoppm. • https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-FlateStream__getChar https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT • CWE-125: Out-of-bounds Read •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1

A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data. Existe una sobre-lectura del búfer basado en la pila en PostScriptFunction :: transform en Function.cc en Xpdf 4.01.01 porque GfxSeparationColorSpace y GfxDeviceNColorSpace maneja de forma incorrecta tint transform funciona. Por ejemplo, puede activarse enviando un documento PDF elaborado a la herramienta pdftops. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41806 https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT • CWE-125: Out-of-bounds Read •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content. existe un una sobrelectura de búfer basada en pila en la función FoFiTrueType::dumpString en el archivo fofi/FoFiTrueType.cc en Xpdf versión 4.01.01. Por ejemplo, puede activarse enviando datos TrueType en un documento PDF a la herramienta pdftops. Podría permitir que un atacante cause la Denegación de Servicio o filtre datos de la memoria hacia el volcado de contenido. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41801 https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EJ3GYFINXANXTQEDN5SON47IJA5277RU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IQBAHQQF2P7E6PL5STST3TGH7VPVXKKQ • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2

There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. En la versión 4.01 de Xpdf, hay un acceso de memoria inválida en gAtomicIncrement() en GMutex.h Puede desencadenarse mediante el envío de un archivo pdf manipulado a, por ejemplo, el binario pdftops. Permite a un atacante provocar una denegación de servicio (fallo de segmentación) o tener otro impacto no especificado. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41261 https://research.loginsoft.com/bugs/invalid-memory-access-in-gatomiccounter-gatomicincrement-xpdf-4-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2

There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. En la versión 4.01 de Xpdf, hay una vulnerabilidad de desreferencia de puntero NULL en PSOutputDev::setupResources() en PSOutputDev.cc. Puede desencadenarse mediante el envío de un archivo pdf manipulado a, por ejemplo, el binario pdftops. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41262 https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-psoutputdevsetupresources-xpdf-4-01 • CWE-476: NULL Pointer Dereference •