Page 7 of 100 results (0.017 seconds)

CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 1

In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. En Poppler 0.68.0, la función Parser::getObj() en Parser.cc podría provocar una recursión infinita mediante un archivo manipulado. Un atacante remoto puede aprovecharse de esto para provocar un ataque de denegación de servicio (DoS). • https://access.redhat.com/errata/RHSA-2019:2022 https://bugzilla.redhat.com/show_bug.cgi?id=1622951 https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html https://lists.debian.org/debian-lts-announce/2018/11/msg00040.html https://lists.debian.org/debian-lts-announce/2018/12/msg00004.html https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html https://usn.ubuntu.com/3837-1 https://usn.ubuntu.com/3837-2 https://access.redhat.com/security/cve/CVE • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file. Poppler hasta la versión 0.62 contiene una vulnerabilidad de lectura fuera de límites debido a un acceso incorrecto a la memoria que no se mapea en su espacio de memoria, tal y como queda demostrado con pdfunite. Esto puede resultar en la corrupción de memoria y una denegación de servicio (DoS). • http://packetstormsecurity.com/files/148661/PDFunite-0.62.0-Buffer-Overflow.html https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3140 https://access.redhat.com/errata/RHSA-2018:3505 https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-13988 https://bugzilla.redhat.com/show_bug.cgi?id=1602838 https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee https://lists.debian.org/debian-lts-announce/2018/10/msg00024.ht • CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 1%CPEs: 10EXPL: 1

The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. La función FoFiType1C::cvtGlyph en fofi/FoFiType1C.cc en Poppler 0.64.0 permite que atacantes remotos provoquen una denegación de servicio (recursión infinita) mediante un archivo PDF manipulado, tal y como demuestra pdftops. • https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3140 https://access.redhat.com/errata/RHSA-2018:3505 https://bugzilla.freedesktop.org/show_bug.cgi?id=103238 https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html https://usn.ubuntu.com/3647-1 https://access.redhat.com/security/cve/CVE-2017-18267 https://bugzilla.redhat.com/show_bug.cgi?id=1578777 • CWE-674: Uncontrolled Recursion CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 6.5EPSS: 1%CPEs: 7EXPL: 1

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected. Hay una desreferencia de puntero NULL en la función AnnotPath::getCoordsLength en Annot.h en un paquete de Ubuntu para Poppler 0.24.5. Se podría realizar un ataque de denegación de servicio remoto con una entrada especialmente manipulada. • https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3140 https://access.redhat.com/errata/RHSA-2018:3505 https://bugs.freedesktop.org/show_bug.cgi?id=106408 https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html https://usn.ubuntu.com/3647-1 https://access.redhat.com/security/cve/CVE-2018-10768 https://bugzilla.redhat.com/show_bug.cgi?id=1576169 • CWE-476: NULL Pointer Dereference •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1

freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. freedesktop.org libpoppler 0.60.1 fracasa a la hora de validar límites en TextPool::addWord, lo que conduce a un desbordamiento de los cálculos posteriores. • https://bugs.freedesktop.org/show_bug.cgi?id=103116 https://lists.debian.org/debian-lts-announce/2018/01/msg00001.html https://www.debian.org/security/2018/dsa-4097 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •