285 matches found
CVE-2015-6779
PDFium, as used in Google Chrome before 47.0.2526.73, does not properly restrict use of chrome: URLs, which allows remote attackers to bypass intended scheme restrictions via a crafted PDF document, as demonstrated by a document with a link to a chrome://settings URL...
UBUNTU-CVE-2015-6779
PDFium, as used in Google Chrome before 47.0.2526.73, does not properly restrict use of chrome: URLs, which allows remote attackers to bypass intended scheme restrictions via a crafted PDF document, as demonstrated by a document with a link to a chrome://settings URL...
Code injection
The CPDFDocument::GetPage function in fpdfapi/fpdfparser/fpdfparserdocument.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact vi...
CVE-2015-6758
The CPDFDocument::GetPage function in fpdfapi/fpdfparser/fpdfparserdocument.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact vi...
CVE-2015-6758
The CVE-2015-6758 entry concerns PDFium in Google Chrome/Chromium. The issue is a bad-cast in CPDF_Document::GetPage within fpdfapi/fpdf_parser/fpdf_parser_document.cpp, exploited via a crafted PDF, enabling a denial of service and possibly other impact. Public details consistently tie this to PD...
Updated chromium-browser package fixes security vulnerabilities
Chromium-browser 44.0.2403.107 fixes several security issues: PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other...
CVE-2015-1271
PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via a crafted PDF document that triggers a large memory...
Heap overflow
PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via a crafted PDF document that triggers a large memory...
Design/Logic Flaw
Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to the 1 Document::delay and 2...
CVE-2015-1282
Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to the 1 Document::delay and 2...
Integer overflow
Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted PDF document...
Out-of-bounds
CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows, and 10.x through 10.1.13 and 11.x through 11.0.10 on OS X, allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a crafted PDF document...
Buffer overflow
Multiple off-by-one errors in fpdfapi/fpdffont/fontint.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted PDF document, related to an "intra-object-overflow" issue, ...
CVE-2015-1359
Multiple off-by-one errors in fpdfapi/fpdffont/fontint.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted PDF document, related to an "intra-object-overflow" issue, ...
Design/Logic Flaw
Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and fpdfsdk/src/fsdkmgr.cpp, a different vulnerabili...
CVE-2014-9647
Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and fpdfsdk/src/fsdkmgr.cpp, a different vulnerabili...
UBUNTU-CVE-2014-9647
Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and fpdfsdk/src/fsdkmgr.cpp, a different vulnerabili...
CVE-2015-1359
Removed by vendor...
CVE-2014-7945
OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service out-of-bounds read via a crafted PDF document, related to j2k.c, jp2.c, and t2.c...
CVE-2014-7944
The sycc422torgb function in fxcodec/codec/fxcodecjpxopj.cpp in PDFium, as used in Google Chrome before 40.0.2214.91, does not properly handle odd values of image width, which allows remote attackers to cause a denial of service out-of-bounds read via a crafted PDF document...