Lucene search

K
osvGoogleOSV:USN-5282-1
HistoryJun 03, 2022 - 7:54 a.m.

pdfresurrect vulnerabilities

2022-06-0307:54:24
Google
osv.dev
12
pdfresurrect
vulnerabilities
ubuntu esm
buffer overflow
arbitrary code execution
denial of service
memory validation
out-of-bounds writes
infinite loop
system crash

AI Score

8.6

Confidence

High

EPSS

0.004

Percentile

73.7%

It was discovered that PDFResurrect was incorrectly handling corrupted PDF
files. An attacker could possibly use this issue to cause a buffer overflow,
resulting in a denial of service, or arbitrary code execution. This issue
only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-14267)

It was discovered that PDFResurrect incorrectly handled memory when loading
PDF pages. An attacker could possibly use this issue to cause a heap
buffer overflow, resulting in a denial of service, or arbitrary code execution.
This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.
(CVE-2019-14934)

It was discovered that PDFResurrect was incorrectly validating header data in
input PDF files. An attacker could possibly use this issue to cause a heap
buffer overflow, resulting in a denial of service, or arbitrary code execution.
This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM.
(CVE-2020-20740)

Carter Yagemann discovered that PDFResurrect incorrectly handled certain memory
operations during PDF summary generation. An attacker could use this to
cause out-of-bounds writes, resulting in a denial of service (system crash)
or arbitrary code execution. This issue only affected Ubuntu 18.04 ESM and
Ubuntu 20.04 ESM. (CVE-2020-9549)

It was discovered that PDFResurrect was incorrectly processing data when
performing trailer search operations. An attacker could possibly use this issue
to cause an infinite loop, resulting in a denial of service. (CVE-2021-3508)