CVSS: 6.8EPSS: 0%CPEs: 75EXPL: 0CVE-2010-3704 – xpdf: array indexing error in FoFiType1::parse()
https://notcve.org/view.php?id=CVE-2010-3704
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption. La función FoFiType1::parse en fofi/FoFiType1.cc del parseador de PDF de xpdf antes de v3.02pl5, poppler v0.8.7 y posiblemente otras versiones hasta v0.15.1, kdegraphics, y posiblemente otros productos, permite a atacantes dependientes del contexto provocar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código arbitrario mediante un archivo PDF con una fuente Type1 modificada que contiene un índice de matriz negativo, el cual se salta la validación de entrada y que provoca una corrupción de memoria. • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html http://lists.fedoraproject.org/pipermail/package • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 5%CPEs: 59EXPL: 1CVE-2009-3606 – xpdf/poppler: PSOutputDev:: doImageL1Sep integer overflow
https://notcve.org/view.php?id=CVE-2009-3606
Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. Desbordamiento de entero en la función PSOutputDev::doImageL1Sep en Xpdf v3.02pl4 y Poppler v0.x, usado en n kdegraphics KPDF, podría permitir a atacantes remotos la ejecución de código de su elección a través de un documento PDF manipulado que provoca un desbordamiento de búfer basado en memoria dinámica (heap). • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch http://cgit.freedesktop.org/poppler/poppler/diff/poppler/PSOutputDev.cc?id=7b2d314a61 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://secunia.com/advisories/37023 http://s • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 6.8EPSS: 5%CPEs: 48EXPL: 0CVE-2009-3605
https://notcve.org/view.php?id=CVE-2009-3605
Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791. Múltiples desbordamientos de entero en Poppler v0.10.5 y anteriores permiten a usuarios remotos provocar una denegación de servicio (caida de la aplicación) o probablemente ejecutar código de su elección a través de un fichero PDF modificado. Relacionado con (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc y (7) SplashOutputDev.cc en poppler/; y (8) SplashBitmap.cc, (9) Splash.cc y (10) SplashFTFont.cc en splash/. NOTA: esta vulnerabilidad se puede sobrelapar con CVE-2009-0791. • http://cgit.freedesktop.org/poppler/poppler/commit/?id=284a92899602daa4a7f429e61849e794569310b5 http://cgit.freedesktop.org/poppler/poppler/commit/?id=7b2d314a61fd0e12f47c62996cb49ec0d1ba747a http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb22f812b31858e519411f57747d39bd8 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://secunia.com/advisories/37114 http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 http://sunsolve.sun.com/search/document.do? • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 4%CPEs: 55EXPL: 0CVE-2009-3607
https://notcve.org/view.php?id=CVE-2009-3607
Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. la función create_surface_from_thumbnail_data en glib/poppler-page.cc en Poppler v0.x, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente la ejecución de código de su elección a través de un documento PDF manipulado que provoca un desbordamiento de búfer basado en memoria dinámica (heap). NOTA: algunos de los detalles han sido obtenidos a partir de información de terceros. • http://cgit.freedesktop.org/poppler/poppler/commit/?id=c839b706 http://secunia.com/advisories/37054 http://secunia.com/advisories/37114 http://secunia.com/advisories/37159 http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 http://www.debian.org/security/2009/dsa-1941 http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 http://www.openwall.com/lists/oss-security/2009/12/01/1&# • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 5%CPEs: 58EXPL: 1CVE-2009-3603 – xpdf/poppler: SplashBitmap:: SplashBitmap integer overflow
https://notcve.org/view.php?id=CVE-2009-3603
Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188. Desbordamiento de entero en la función SplashBitmap::SplashBitmap en Xpdf v3.x anterior a v3.02pl4 y Poppler anteior a v0.12.1, podría permitir a atacantes remotos la ejecución de código de su elección a través de un documento PDF manipulado que provoca un un desbordamiento de búfer basado en memoria dinámica (heap). NOTA: algunos detalles han sido obtenidos a partir de información de terceros. • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://poppler.freedesktop.org http://secunia.com/advisories/37034 http://secunia.com/advisories/37053 http://secunia.com/advi • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •