SUSE CVE-2009-0147

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service crash via a crafted PDF file, related to 1 JBIG2Stream::readSymbolDictSeg, 2 JBIG2Stream::readSymbolDictSeg, and 3...

SUSE CVE-2009-2993

The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the 1 Privileged Context and 2 Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and...

SUSE CVE-2009-3603

Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party...

SUSE CVE-2009-3606

Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow...

SUSE CVE-2009-4324

Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild...

SUSE CVE-2013-0640

Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted PDF document, as exploited in the wild in February 2013...

SUSE CVE-2015-1282

Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to the 1 Document::delay and 2...

SUSE CVE-2016-1619

Multiple integer overflows in the 1 sycc422torgb and 2 sycc444torgb functions in fxcodec/codec/fxcodecjpxopj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a crafted...

SUSE CVE-2016-5184

PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFLFormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files...

SUSE CVE-2017-5108

Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file...

SUSE CVE-2017-8787

The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service heap-based buffer over-read or possibly have unspecified other impact via a crafted PDF file...

SUSE CVE-2017-14928

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document...

SUSE CVE-2017-17858

Heap-based buffer overflow in the ensuresolidxref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted...

SUSE CVE-2018-5158

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...

SUSE CVE-2019-1786

A vulnerability in the Portable Document Format PDF scanning functionality of Clam AntiVirus ClamAV Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to a lack of proper...

SUSE CVE-2019-1787

A vulnerability in the Portable Document Format PDF scanning functionality of Clam AntiVirus ClamAV Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to a lack of proper da...

SUSE CVE-2020-16002

Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file...

SUSE CVE-2022-38222

There is a use-after-free issue in JBIG2Stream::close located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to for example the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact...

SUSE CVE-2022-38784

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder JBIG2Stream::readTextRegionSeg in JBIGStream.cc. Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described...

DEBIAN-CVE-2023-24808

PDFio is a C library for reading and writing PDF files. In versions prior to 1.1.0 a denial of service DOS vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. The pdf which causes this crash found in testing is about 28...