CVE-2010-3702 – xpdf: uninitialized Gfx::parser pointer dereference
https://notcve.org/view.php?id=CVE-2010-3702
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. La función Gfx::getPos en el analizador PDF en Xpdf versión anterior a 3.02 PL5, Poppler versión 0.8.7 y posiblemente otras versiones hasta la 0.15.1, CUPS, kdegraphics, y posiblemente otros productos permite que los atacantes dependiendo del contexto generen una denegación de servicio (bloqueo) por medio de vectores desconocidos que desencadenan una desreferencia de puntero no inicializada. • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html http://lists.fedoraproject.org/pipermail/package • CWE-476: NULL Pointer Dereference •
CVE-2009-3938
https://notcve.org/view.php?id=CVE-2009-3938
Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev.cc in Poppler (aka libpoppler) 0.10.6, 0.12.0, and possibly other versions, as used by the Abiword pdftoabw utility, allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PDF file. Desbordamiento de búfer en la función ABWOutputDev::endWord en poppler/ABWOutputDev.cc en Poppler (alias libpoppler) 0.10.6, 0.12.0 y posiblemente otras versiones, tal como se usa en la utilidad Abiword pdftoabw, permite a atacantes remotos asistidos por el usuario provocar una denegación de servicio y posiblemente ejecutar código de su elección mediante un fichero PDF manipulado. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534680 http://bugs.freedesktop.org/attachment.cgi?id=30599&action=edit http://bugs.freedesktop.org/show_bug.cgi?id=23074 http://secunia.com/advisories/37333 http://www.debian.org/security/2009/dsa-1941 http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 http://www.securityfocus.com/bid/36976 http://www.vupen.com/english/advisories/2009/3227 https://exchange.xforce.ibmcloud.com/vulnerabilities/54215 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-3606 – xpdf/poppler: PSOutputDev:: doImageL1Sep integer overflow
https://notcve.org/view.php?id=CVE-2009-3606
Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. Desbordamiento de entero en la función PSOutputDev::doImageL1Sep en Xpdf v3.02pl4 y Poppler v0.x, usado en n kdegraphics KPDF, podría permitir a atacantes remotos la ejecución de código de su elección a través de un documento PDF manipulado que provoca un desbordamiento de búfer basado en memoria dinámica (heap). • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch http://cgit.freedesktop.org/poppler/poppler/diff/poppler/PSOutputDev.cc?id=7b2d314a61 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://secunia.com/advisories/37023 http://s • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2009-3603 – xpdf/poppler: SplashBitmap:: SplashBitmap integer overflow
https://notcve.org/view.php?id=CVE-2009-3603
Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188. Desbordamiento de entero en la función SplashBitmap::SplashBitmap en Xpdf v3.x anterior a v3.02pl4 y Poppler anteior a v0.12.1, podría permitir a atacantes remotos la ejecución de código de su elección a través de un documento PDF manipulado que provoca un un desbordamiento de búfer basado en memoria dinámica (heap). NOTA: algunos detalles han sido obtenidos a partir de información de terceros. • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://poppler.freedesktop.org http://secunia.com/advisories/37034 http://secunia.com/advisories/37053 http://secunia.com/advi • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2009-3607
https://notcve.org/view.php?id=CVE-2009-3607
Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. la función create_surface_from_thumbnail_data en glib/poppler-page.cc en Poppler v0.x, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente la ejecución de código de su elección a través de un documento PDF manipulado que provoca un desbordamiento de búfer basado en memoria dinámica (heap). NOTA: algunos de los detalles han sido obtenidos a partir de información de terceros. • http://cgit.freedesktop.org/poppler/poppler/commit/?id=c839b706 http://secunia.com/advisories/37054 http://secunia.com/advisories/37114 http://secunia.com/advisories/37159 http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 http://www.debian.org/security/2009/dsa-1941 http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 http://www.openwall.com/lists/oss-security/2009/12/01/1 • CWE-189: Numeric Errors •