CVE-2018-19452

A use after free in the TextBox field Mouse Enter action in IReaderContentProvider can occur for specially crafted PDF files in Foxit Reader SDK ActiveX Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19444, this has a different free...

DEBIAN-CVE-2019-1787

A vulnerability in the Portable Document Format PDF scanning functionality of Clam AntiVirus ClamAV Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to a lack of proper da...

DEBIAN-CVE-2019-1786

A vulnerability in the Portable Document Format PDF scanning functionality of Clam AntiVirus ClamAV Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to a lack of proper...

UBUNTU-CVE-2019-1787

A vulnerability in the Portable Document Format PDF scanning functionality of Clam AntiVirus ClamAV Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to a lack of proper da...

UBUNTU-CVE-2019-9587

There is a stack consumption issue in md5Round1 located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to for example the pdfimages binary. It allows an attacker to cause Denial of Service Segmentation fault or possibly have unspecified other impact. This is related...

PT-2019-19729 · Foxtan +1 · Xpdf +1

Name of the Vulnerable Software and Affected Versions: Xpdf version 4.01 Description: The issue is related to an invalid memory access in the gAtomicIncrement function, located in GMutex.h. This can be triggered by sending a crafted pdf file to the pdftops binary, for example. The impact of this...

UBUNTU-CVE-2019-9199

PoDoFo::Impose::PdfTranslator::setSource in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can for example be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service Segmentation fault or possibly have unspecified...

UBUNTU-CVE-2019-9200

A heap-based buffer underwrite exists in ImageStream::getLine located at Stream.cc in Poppler 0.74.0 that can for example be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service Segmentation fault or possibly have unspecified other impa...

DEBIAN-CVE-2018-20065

Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate potentially unsafe navigations without a user gesture via a crafted PDF file...

UBUNTU-CVE-2018-20481

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service NULL pointer dereference via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc...

Google Chrome PDFium memory misreference vulnerability (CNVD-2019-01590)

Google Chrome is the United States Google Google company developed a Web browser. PDFium is one of the open source PDF rendering engine. A memory misreference vulnerability exists in PDFium in versions prior to Google Chrome 71.0.3578.80. A remote attacker can exploit this vulnerability to cause...

Google Chrome PDFium memory misreference vulnerability (CNVD-2019-01591)

Google Chrome is the United States Google Google company developed a Web browser. PDFium is one of the open source PDF rendering engine. A memory misreference vulnerability exists in PDFium in versions prior to Google Chrome 71.0.3578.80. A remote attacker can exploit this vulnerability to cause...

UBUNTU-CVE-2018-17469

Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file...

Google Chrome PDFium heap buffer overflow vulnerability (CNVD-2018-24369)

Google Chrome is the United States Google Google company developed a Web browser. PDFium is one of the open source PDF rendering engine. A heap buffer overflow vulnerability exists in PDFium in versions of Google Chrome prior to 70.0.3538.67. A remote attacker can exploit this vulnerability to...

Foxit Reader and Foxit PhantomPDF for Windows Memory Misreference Vulnerability (CNVD-2018-23230)

Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Foxit Software Corporation.Foxit PhantomPDF for Windows is its commercial version. A memory misreference vulnerability exists in the parsing process of PDF documents in Foxit Reader 9.2.0.9297 and earlier versions...

Foxit Reader and Foxit PhantomPDF JavaScript Engine Memory Misreference Vulnerability (CNVD-2018-20722)

Foxit Reader is China Foxit Foxit software company a PDF document reader.Foxit PhantomPDF is a commercial version.JavaScript engine is one of the JavaScript scripting engine. A memory misreference vulnerability exists in the JavaScript engine in Foxit Reader 9.2.0.9297 and earlier versions and...

Foxit Reader and Foxit PhantomPDF JavaScript Engine Memory Misreference Vulnerability (CNVD-2018-20724)

Foxit Reader is China Foxit Foxit software company a PDF document reader.Foxit PhantomPDF is a commercial version.JavaScript engine is one of the JavaScript scripting engine. A memory misreference vulnerability exists in the JavaScript engine in Foxit Reader 9.2.0.9297 and earlier versions and...

Foxit Reader and Foxit PhantomPDF JavaScript Engine Memory Misreference Vulnerability (CNVD-2018-20725)

Foxit Reader is China Foxit Foxit software company a PDF document reader.Foxit PhantomPDF is a commercial version.JavaScript engine is one of the JavaScript scripting engine. A memory misreference vulnerability exists in the JavaScript engine in Foxit Reader 9.2.0.9297 and earlier versions and...

Foxit Reader and Foxit PhantomPDF JavaScript Engine Memory Misreference Vulnerability (CNVD-2018-20723)

Foxit Reader is China Foxit Foxit software company a PDF document reader.Foxit PhantomPDF is a commercial version.JavaScript engine is one of the JavaScript scripting engine. A memory misreference vulnerability exists in the JavaScript engine in Foxit Reader 9.2.0.9297 and earlier versions and...

Foxit PDF Reader JavaScript Engine Remote Code Execution Vulnerability (CNVD-2018-20719)

Foxit PDF Reader is China's Foxit Foxit Software Corporation of a PDF document reader. JavaScript engine is one of the JavaScript scripting engine. A remote code execution vulnerability exists in the JavaScript engine in Foxit PDF Reader. A remote attacker can exploit this vulnerability to execut...