
CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

21 Jun 2024 — A flaw was found in Poppler's pdfinfo utility. This issue occurs when using the -dests parameter with the pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. • https://access.redhat.com/security/cve/CVE-2024-6239 • CWE-20: Improper Input Validation

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

22 Aug 2023 — Uncontrolled recursion in pdfinfo and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. USN-6508-1 fixed vulnerabilities in poppler. The update introduced one minor regression in Ubuntu 18.04 LTS. This update fixes the problem. • https://gitlab.freedesktop.org/poppler/poppler/-/issues/936 • CWE-674: Uncontrolled Recursion

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

31 Jul 2023 — A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. Jieyong Ma discovered that poppler incorrectly handled certain malformed PDF files. A remote attacker could possibly use this issue to cause poppler to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that poppler incorrectly handled certain malformed PDF files. • https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe

CVSS: 7.8 • EPSS: 0% • CPEs: 6 • EXPL: 1

30 Aug 2022 — Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. • http://www.openwall.com/lists/oss-security/2022/09/02/11 • CWE-190: Integer Overflow or Wraparound

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

22 Aug 2022 — Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics). • http://www.openwall.com/lists/oss-security/2022/09/02/11 • CWE-190: Integer Overflow or Wraparound

CVSS: 7.8 • EPSS: 64% • CPEs: 15 • EXPL: 2

24 Aug 2021 — An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. • https://github.com/jeffssh/CVE-2021-30860 • CWE-190: Integer Overflow or Wraparound