CVE-2018-1000040

CVE-2018-1000040 affects MuPDF up to 1.12.0 (and earlier) where multiple uses of uninitialized values in the PDF parser can cause a crash or allow the attacker to influence program flow via a crafted file. Consequences documented in connected sources include denial of service and potential code e...

CVE-2018-1000039

CVE-2018-1000039 affects MuPDF up to version 1.12.0, where multiple heap use-after-free bugs in the PDF parser could allow code execution, memory disclosure, or denial of service via crafted files. Connected advisories indicate MuPDF fixes were released (e.g., MuPDF 1.13.0+), addressing these vul...

CVE-2018-1000036

In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service memory leak via a crafted file...

CVE-2018-1000039

In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file...

CVE-2018-1000037

CVE-2018-1000037 affects MuPDF up to 1.12.0 and earlier, where multiple reachable assertions in MuPDF’s PDF parser can be exploited to cause a denial of service (assert crash) via a crafted file. The issue is tied to the PDF parser’s handling of crafted input, enabling a local impact when process...

Denial Of Service (DoS)

MuPDF is vulnerable to denial of serviceDoS. The vulnerability is caused by the use of uninitialized-value in the PDF parser when a malicious file is input...

PT-2018-9224 · Artifex +1 · Mupdf +1

Name of the Vulnerable Software and Affected Versions: MuPDF versions 1.12.0 and earlier Description: The issue is related to multiple memory leaks in the PDF parser, which can be exploited by an attacker to cause a denial of service memory leak via a crafted file. Recommendations: For MuPDF...

Medium: clamav

Issue Overview: Heap-based buffer overflow in mspack/lzxd.c mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted CHM file...

MGASA-2018-0169 Updated clamav packages fix security vulnerabilities

Clamav has been updated to fix 2 security issues and also contains a lot of bugfixes. Out-of-bounds access in the PDF parser CVE-2018-0202 Out-of-bounds heap read in XAR parser CVE-2018-1000085...

Updated clamav packages fix security vulnerabilities

Clamav has been updated to fix 2 security issues and also contains a lot of bugfixes. Out-of-bounds access in the PDF parser CVE-2018-0202 Out-of-bounds heap read in XAR parser CVE-2018-1000085...

DEBIAN-CVE-2018-8002

In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file...

UBUNTU-CVE-2018-8002

In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file...

PoDoFo 'PdfParser::ReadObjectsInternal' function denial-of-service vulnerability

PoDoFo is an open source , written in C++ using the PDF file format library . PoDoFo 0.9.5 version of the base/PdfParser.cpp file of the 'PdfParser::ReadObjectsInternal' function has a security vulnerability. A remote attacker can exploit this vulnerability to cause a denial of service with the...

DEBIAN-CVE-2018-6352

In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file...

PT-2018-16886 · Podofo +2 · Podofo +2

Name of the Vulnerable Software and Affected Versions: PoDoFo version 0.9.5 Description: The issue is related to an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function. Remote attackers could leverage this to cause a denial-of-service via a crafted pdf file...

DEBIAN-CVE-2018-5296

In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file...

Oracle OIT IX SDK libvs_pdf Xref Offset Denial of Service Vulnerability(CVE-2016-3580)

Description A vulnerability in PDF parser of the IX SDK exists that results in out of bounds heap memory access following an unchecked memory allocation operation under specific conditions. Tested Versions Oracle Outside In IX sdk 8.5.1 Product URLs...

CVE-2017-14926

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document...

CVE-2017-3095

Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF parsing engine. Successful exploitation could lead to arbitrary code execution...

PoDoFo buffer overflow vulnerability (CNVD-2017-07002)

PoDoFo is an open source , written in C++ using the PDF file format library . A buffer overflow vulnerability exists in the PdfParser::ReadObjects function in the base/PdfParser.cpp file in PoDoFo version 0.9.5. A remote attacker can exploit this vulnerability to cause a denial of service...