490 matches found
CVE-2022-37371
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
PT-2023-19521 · Unknown · Pdf-Xchange Editor
Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor version 9.3 Description: A potential memory issue due to insufficient input validation in PDFXEditCore.x64.dll may allow attackers to execute code when a user opens a crafted PDF file. The issue occurs when handling a large...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser from Google Inc. in the United States. A security vulnerability exists in versions prior to Google Chrome 110.0.5481.177 that stems from an integer overflow issue in PDF. An attacker exploits the vulnerability to cause heap corruption via specially crafted PDF files...
SUSE CVE-2009-0147
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service crash via a crafted PDF file, related to 1 JBIG2Stream::readSymbolDictSeg, 2 JBIG2Stream::readSymbolDictSeg, and 3...
SUSE CVE-2009-2993
The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the 1 Privileged Context and 2 Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and...
SUSE CVE-2009-3603
Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party...
SUSE CVE-2009-3606
Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow...
SUSE CVE-2009-4324
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild...
SUSE CVE-2013-0640
Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted PDF document, as exploited in the wild in February 2013...
SUSE CVE-2015-1282
Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to the 1 Document::delay and 2...
SUSE CVE-2016-1619
Multiple integer overflows in the 1 sycc422torgb and 2 sycc444torgb functions in fxcodec/codec/fxcodecjpxopj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a crafted...
SUSE CVE-2016-5184
PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFLFormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files...
SUSE CVE-2017-5108
Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file...
SUSE CVE-2017-8787
The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service heap-based buffer over-read or possibly have unspecified other impact via a crafted PDF file...
SUSE CVE-2017-14928
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document...
SUSE CVE-2017-17858
Heap-based buffer overflow in the ensuresolidxref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted...
SUSE CVE-2018-5158
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...
SUSE CVE-2019-1786
A vulnerability in the Portable Document Format PDF scanning functionality of Clam AntiVirus ClamAV Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to a lack of proper...
SUSE CVE-2019-1787
A vulnerability in the Portable Document Format PDF scanning functionality of Clam AntiVirus ClamAV Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to a lack of proper da...
SUSE CVE-2020-16002
Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file...