Page 8 of 44 results (0.003 seconds)

CVSS: 6.9EPSS: 0%CPEs: 33EXPL: 0

Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library. Vulnerabilidad de ruta de búsqueda no confiable en el paquete Gentoo de Xpdf anteriores a v3.02-r2, permite a usuarios locales obtener privilegios a través de un troyano (fichero xpdfrc) en el directorio de trabajo actual, relativo a la macro SYSTEM_XPDFRC no fijada en el proceso de construcción Gentoo, que usa la biblioteca poppler. • http://bugs.gentoo.org/show_bug.cgi?id=200023 http://bugs.gentoo.org/show_bug.cgi?id=242930 http://osvdb.org/53529 http://secunia.com/advisories/34610 http://security.gentoo.org/glsa/glsa-200904-07.xml http://www.securityfocus.com/bid/34401 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.6EPSS: 0%CPEs: 39EXPL: 0

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature. • http://secunia.com/advisories/18948 http://secunia.com/advisories/19021 http://secunia.com/advisories/19065 http://secunia.com/advisories/19091 http://secunia.com/advisories/19164 http://secunia.com/advisories/19364 http://secunia.com/advisories/19644 http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz http://www.debian.org/security/2006/dsa-1019 http://www.debian.org/security/2006/dsa-979 http://www.debian.org/security&#x •

CVSS: 5.1EPSS: 0%CPEs: 15EXPL: 0

Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://bugs.debian.org/cgi-bin/bugreport.cgi&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.1EPSS: 0%CPEs: 15EXPL: 0

Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-an • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 146EXPL: 0

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. El parche para corregir las vulnerabilidades de desbordamiento de entero en Xpdf 2.0 y 3.0 (CAN-2004-0888) es incompleto para arquitecturas de 64 bits en ciertas distribuciones de Linux como Red Hat, lo que podría dejar a los usuarios de Xpdf expuestos a las vulnerabilidades originales. • http://www.mandriva.com/security/advisories?name=MDKSA-2005:041 http://www.mandriva.com/security/advisories?name=MDKSA-2005:042 http://www.mandriva.com/security/advisories?name=MDKSA-2005:043 http://www.mandriva.com/security/advisories?name=MDKSA-2005:044 http://www.mandriva.com/security/advisories? •