CVE-2024-6239 – Poppler: pdfinfo: crash in broken documents when using -dests parameter
https://notcve.org/view.php?id=CVE-2024-6239
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. Se encontró una falla en la utilidad Pdfinfo de Poppler. Este problema ocurre cuando se usa el parámetro -dests con la utilidad pdfinfo. • https://access.redhat.com/security/cve/CVE-2024-6239 https://bugzilla.redhat.com/show_bug.cgi?id=2293594 https://access.redhat.com/errata/RHSA-2024:5305 • CWE-20: Improper Input Validation •
CVE-2022-37050
https://notcve.org/view.php?id=CVE-2022-37050
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662. En Poppler 22.07.0, PDFDoc::savePageAs en PDFDoc.c permite a los atacantes provocar una denegación de servicio (la aplicación se bloquea con SIGABRT) mediante la creación de un archivo PDF en el que la estructura de datos xref se maneja incorrectamente en el procesamiento getCatalog. Tenga en cuenta que esta vulnerabilidad está causada por el parche incompleto de CVE-2018-20662. • https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990 https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274 https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html •
CVE-2022-37051
https://notcve.org/view.php?id=CVE-2022-37051
An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file. Se ha descubierto un problema en Poppler 22.07.0. Hay un aborto alcanzable que conduce a la denegación de servicio debido a que la función principal en pdfunite.cc carece de una comprobación de flujo antes de guardar un archivo incrustado. • https://gitlab.freedesktop.org/poppler/poppler/-/commit/4631115647c1e4f0482ffe0491c2f38d2231337b https://gitlab.freedesktop.org/poppler/poppler/-/issues/1276 https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html • CWE-617: Reachable Assertion •
CVE-2022-37052
https://notcve.org/view.php?id=CVE-2022-37052
A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject. Una aserción alcanzable Object::getString en Poppler 22.07.0 permite a los atacantes causar una denegación de servicio debido a un fallo en markObject. • https://gitlab.freedesktop.org/poppler/poppler/-/commit/8677500399fc2548fa816b619580c2c07915a98c https://gitlab.freedesktop.org/poppler/poppler/-/issues/1278 • CWE-617: Reachable Assertion •
CVE-2023-34872
https://notcve.org/view.php?id=CVE-2023-34872
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. • https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XXL3L6RJOTLGCN7GLH2OLLNF4FJ4T7I https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ3NYJ43U2MA7COKGMJDARZUAAOP45D4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFBT75QHBWNMSDAHSXZQ2I3PBJWID36K https://lists.fedorapro •