Vulnerability Spotlight: Multiple vulnerabilities in Aspose PDF API
Marcin Noga of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered multiple remote code execution vulnerabilities in the Aspose.PDF API. Aspose provides a series of APIs for manipulating or converting a large family of document formats. These vulnerabilities exist in API...
MGASA-2019-0117 Updated poppler packages fix security vulnerabilities
The updated poppler packages fix security vulnerabilities: In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data...
Foxit Reader and PhantomPDF Out-of-Bounds Read Vulnerability
Foxit Reader for Windows is a Windows-based PDF document reader from the Chinese company Foxit Software. PhantomPDF for Windows is its commercial version. An out-of-bounds read vulnerability exists in the processing of PDF files in Foxit Reader 9.3.0.10826 and earlier versions for...
Design/Logic Flaw
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
PT-2019-18183 · F5 · Big-Ip
Name of the Vulnerable Software and Affected Versions: BIG-IP versions 11.5.1 through 11.5.8; BIG-IP versions 11.6.1 through 11.6.3.2; BIG-IP versions 12.1.0 through 12.1.3.7; BIG-IP version 13.0.0. Description: The Application Acceleration Manager (AAM) wamd process in BIG-IP fails to drop group...
Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
PT-2019-18288 · Foxit · Foxit Reader
Name of the Vulnerable Software and Affected Versions: Foxit Reader (affected versions not specified). Description: This issue allows remote attackers to disclose sensitive information on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a...
CVE-2018-17699
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
CVE-2018-14317
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Type confusion
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Integer Overflow
libpoppler.so is vulnerable to integer overflows. A malicious user can pass a PDF file with an embedded JPEG 2000 encoded image in it to cause an integer overflow that can crash the application or cause arbitrary code to be executed...
DEBIAN-CVE-2017-18185
An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the PlBuffer::write function in PlBuffer.cc. It is caused by an integer overflow in the PNG filter...
Adobe Acrobat/Reader Out-of-Bounds Read Vulnerability (CNVD-2017-36601)
Adobe Acrobat and Reader are PDF file processing programs published by Adobe of the United States of America. An out-of-bounds read vulnerability exists in the way Adobe Acrobat and Reader process PDF files. Remote attackers can exploit the vulnerability by submitting a special file, inducing the user to...
CVE-2017-15565
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine function in GfxState.cc via a crafted PDF document...
Design/Logic Flaw
The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified oth...
Memory Corruption Vulnerability in Pleasant Book PDF Reader
Yue Book PDF Reader is an e-book reader developed by Shenzhen Ivy Software Technology Co. YueShu PDF Reader suffers from a memory corruption vulnerability when processing PDF files. An attacker can cause the program to crash by constructing some malformed PDF files...
DEBIAN-CVE-2017-15015
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c...
ALPINE-CVE-2017-11625
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."...
CVE-2017-3094
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF processing engine. Successful exploitation could lead to arbitrary code execution...