140 matches found
CVE-2024-8049 Telerik Document Processing Improper Handling of Memory Resources
In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 2024.4.1106, importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable...
Progress Telerik Document Processing Libraries 安全漏洞
Progress Telerik Document Processing Libraries is a document processing library from Progress USA. A security vulnerability exists in versions of Progress Telerik Document Processing Libraries prior to 2024 Q4, which originates when importing a document with unsupported functionality can lead to...
CVE-2024-29010
The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity XXE injection, potentially resulting in the disclosure of sensitive information. This issue affects GMS: 9.3.4 and earlier versions...
CVE-2024-29010
The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity XXE injection, potentially resulting in the disclosure of sensitive information. This issue affects GMS: 9.3.4 and earlier versions...
CVE-2024-23450
A flaw was found in elasticsearch. Trying to process a document in a deeply nested pipeline may cause the related ingest node to crash, resulting in a Denial of Service...
Elasticsearch Uncontrolled Resource Consumption vulnerability
A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash...
CVE-2024-23450
A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash...
UBUNTU-CVE-2024-23450
A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash...
The vulnerability of the gdev_prn_open_printer_seekable() function in the interpreter for software that processes, transforms, and generates Ghostscript documents allows a attacker to cause a service failure.
The vulnerability of the gdevprnopenprinterseekable function in the interpreter for Ghostscript software, which is used for document processing, conversion, and generation, is related to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to cause...
PT-2023-30328 · Typo3 · Typo3/Html-Sanitizer
Name of the Vulnerable Software and Affected Versions: typo3/html-sanitizer versions prior to 1.5.3 typo3/html-sanitizer versions prior to 2.1.4 Description: The issue arises from incorrect handling of DOM processing instructions, allowing bypassing of the cross-site scripting mechanism of...
The vulnerability of the PyPDF2 library for processing PDF files, related to the execution of a loop with an unreachable exit condition, allows a hacker to cause a service failure.
The vulnerability of the PyPDF2 library for processing PDF files relates to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow a malicious actor to cause service failures...
UBUNTU-CVE-2023-46250
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affec...
CVE-2023-35126
An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, whic...
CVE-2023-35126
CVE-2023-35126 affects JustSystems Ichitaro 2023 where the vulnerability resides in the parsing of the DocumentViewStyles and DocumentEditStyles streams (record type 0x2008). The root cause is an out-of-bounds index into a 6-element lv_objects array used during readStyleType(2008), which enables ...
USN-6433-1 ghostscript vulnerability
It was discovered that Ghostscript incorrectly handled certain PDF documents. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to execute arbitrary code...
ROS-20230911-05
Vulnerability in the document processing, conversion and generation software suite Ghostscript exists due to failure to take measures to neutralize special elements used in the operating system command. Exploitation of the vulnerability could allow an attacker to execute arbitrary code by using t...
OESA-2023-1561 poppler security update
poppler is a PDF rendering library. Security Fixes: Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.CVE-2020-23804 In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a...
The vulnerability of the PDF-XChange document viewing and editing program relates to the execution of operations beyond the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the PDF-XChange PDF document viewing and editing program lies in the escape of operations from the buffer in memory during PDF file processing. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created link or a specially created fil...
ROS-20230414-01
A vulnerability in the Ghostscript document processing toolkit is related to a buffer overflow in the BCPEncode, BCPDecode, TBCPEncode and TBCPDecode handlers. BCPEncode, BCPDecode, TBCPEncode and TBCPDecode handlers, in case when the write buffer is underfilled by one byte and then a shielded...
The vulnerability of the Ghostscript software for document processing, conversion, and generation, related to writing beyond buffer boundaries in memory, allows a perpetrator to execute arbitrary code.
The vulnerability of the software for processing, transforming, and generating Ghostscript documents is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...