CVSS: 6.5EPSS: 1%CPEs: 7EXPL: 1CVE-2018-10768 – poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF
https://notcve.org/view.php?id=CVE-2018-10768
06 May 2018 — There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected. Hay una desreferencia de puntero NULL en la función AnnotPath::getCoordsLength en Annot.h en un paquete de Ubuntu para Poppler 0.24.5. Se podría realizar un ataque de denegación de servicio remoto con una entrada especialmente manipulada. • https://access.redhat.com/errata/RHBA-2019:0327 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-15131 – gnome-session: Xsession creation of XDG user directories does not honor system umask policy
https://notcve.org/view.php?id=CVE-2017-15131
09 Jan 2018 — It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux. Se ha descubierto que no se respeta la política system umask cuando se crean directorios de usuarios XDG, ya que Xsession obtiene xdg-user-dirs.sh antes de establecer la política umask. Esto solo afecta a xdg-user-dirs en versiones anteriores a la 0.15.5, tal ... • https://access.redhat.com/errata/RHSA-2018:0842 • CWE-266: Incorrect Privilege Assignment CWE-276: Incorrect Default Permissions CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2017-1000456 – Ubuntu Security Notice USN-3517
https://notcve.org/view.php?id=CVE-2017-1000456
02 Jan 2018 — freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. freedesktop.org libpoppler 0.60.1 fracasa a la hora de validar límites en TextPool::addWord, lo que conduce a un desbordamiento de los cálculos posteriores. It was discovered that poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could execute arbitrary. It was discovered that poppler incorrectly ... • https://bugs.freedesktop.org/show_bug.cgi?id=103116 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2017-15565 – Debian Security Advisory 4079-1
https://notcve.org/view.php?id=CVE-2017-15565
17 Oct 2017 — In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. En Poppler 0.59.0, existe una desreferencia de puntero NULL en la función GfxImageColorMap::getGrayLine() en GfxState.cc mediante un documento PDF manipulado. Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file is processed. • https://bugs.freedesktop.org/show_bug.cgi?id=103016 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2017-14975 – Debian Security Advisory 4079-1
https://notcve.org/view.php?id=CVE-2017-14975
01 Oct 2017 — The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack. La función FoFiType1C::convertToType0 en FoFiType1C.cc en Poppler 0.59.0 tiene una vulnerabilidad de desreferencia de puntero NULL porque una estructura de datos no se inicializa, lo que permite a un atacante provocar un ataque de denegación de servicio (DoS). It was discovered that ... • https://bugzilla.freedesktop.org/show_bug.cgi?id=102653 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 1CVE-2017-14976 – Debian Security Advisory 4079-1
https://notcve.org/view.php?id=CVE-2017-14976
01 Oct 2017 — The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack. La función FoFiType1C::convertToType0 en FoFiType1C.cc en Poppler 0.59.0 puede sufrir una vulnerabilidad de sobrelectura de búfer basada en memoria dinámica (heap) si se utiliza una fuente que provoca una indexación fuera de la memoria, lo que permite a un atacante pr... • https://bugzilla.freedesktop.org/show_bug.cgi?id=102724 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2017-14977 – Debian Security Advisory 4079-1
https://notcve.org/view.php?id=CVE-2017-14977
01 Oct 2017 — The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. La función FoFiTrueType::getCFFBlock en FoFiTrueType.cc en Poppler 0.59.0 tiene una vulnerabilidad de desreferencia de puntero NULL debida a la ausencia de validación de un puntero de tabla, lo que permite a un atacante provocar un ataque de denegación de servicio (DoS). It was dis... • https://bugs.freedesktop.org/show_bug.cgi?id=103045 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-14926
https://notcve.org/view.php?id=CVE-2017-14926
29 Sep 2017 — In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document. En Poppler 0.59.0, existe una desreferencia de puntero NULL en AnnotRichMedia::Content::Content en Annot.cc mediante un documento PDF manipulado. • https://bugs.freedesktop.org/show_bug.cgi?id=102601 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14927
https://notcve.org/view.php?id=CVE-2017-14927
29 Sep 2017 — In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. En Poppler 0.59.0, existe una desreferencia de puntero NULL en la función SplashOutputDev::type3D0() en SplashOutputDev.cc mediante un documento PDF manipulado. • https://bugs.freedesktop.org/show_bug.cgi?id=102604 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-14928
https://notcve.org/view.php?id=CVE-2017-14928
29 Sep 2017 — In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. En Poppler 0.59.0, existe una desreferencia de puntero NULL en AnnotRichMedia::Configuration::Configuration en Annot.cc mediante un documento PDF manipulado. • https://bugs.freedesktop.org/show_bug.cgi?id=102607 • CWE-476: NULL Pointer Dereference •