CVE-2017-15253

IrfanView version 4.44 32bit with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User Mode Write AV starting at PDF!xmlGetGlobalState+0x000000000007dff2."...

CVE-2017-15254

IrfanView version 4.44 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlGetGlobalState+0x000000000007dfa5."...

CVE-2017-15255

IrfanView version 4.44 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x00000000001601b0."...

CVE-2017-15257

IrfanView version 4.44 32bit with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x000000000009174a."...

CVE-2017-15261

IrfanView version 4.44 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Possible Stack Corruption starting at PDF!xmlGetGlobalState+0x0000000000057b35."...

CVE-2017-15262

IrfanView version 4.44 32bit with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x0000000000048d0c."...

CVE-2017-15244

IrfanView version 4.44 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to an "Error Code 0xe06d7363 starting at wow64!Wow64NotifyDebugger+0x000000000000001d."...

CVE-2017-15248

IrfanView version 4.44 32bit with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x0000000000063ca6."...

CVE-2017-15260

IrfanView version 4.44 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000129a59."...

CVE-2017-15241

IrfanView version 4.44 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000000929f5."...

CVE-2017-15252

IrfanView version 4.44 32bit with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x00000000000158cb."...

CVE-2017-15252

Affected software: IrfanView 4.44 (32‑bit) with PDF plugin 4.43. The vulnerability is a buffer overflow/read access violation in the PDF handling path (PDF!xmlListWalk+0x...), allowing arbitrary code execution or denial of service when processing a crafted PDF. Impact stated in sources includes a...

Xxe

XML External Entity XXE vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document...

CVE-2017-6344

XML External Entity XXE vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document...

CVE-2017-6344

CVE-2017-6344 describes an XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 that allows an attacker to read arbitrary files by submitting a crafted XML document. The issue arises from XXE in the plugin’s XML processing. Public references (NVD entry and CNVD/PRION/CVE landings) con...

CVE-2017-6344

XML External Entity XXE vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document...

Grails PDF Plugin 0.6 - XML External Entity Injection

Grails PDF Plugin 0.6 - XML External Entity Injection Exploit Title: Grails PDF Plugin 0.6 XXE Date: 21/02/2017 Vendor Homepage: http://www.grails.org/plugin/pdf Software Link: https://github.com/aeischeid/grails-pdfplugin Exploit Author: Charles FOL Contact: https://twitter.com/ambionics Website...

Grails PDF Plugin 0.6 - XML External Entity Injection

Exploit Title: Grails PDF Plugin 0.6 XXE Date: 21/02/2017 Vendor Homepage: http://www.grails.org/plugin/pdf Software Link: https://github.com/aeischeid/grails-pdfplugin Exploit Author: Charles FOL Contact: https://twitter.com/ambionics Website: https://www.ambionics.io/blog/grails-pdf-plugin-xxe...

CVE-2016-5206

The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page...

CVE-2016-5206

The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page...