154 matches found
CVE-2020-13808
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data...
poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service NULL pointer dereference via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc...
CVE-2019-7250
An issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code via SCRIPT elements, event handlers, etc.. Since this code...
CVE-2019-7250
An issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code via SCRIPT elements, event handlers, etc.. Since this code...
CVE-2019-7250
The CVE-2019-7250 issue affects the Cross Reference Add-on 36 for Google Docs. The vulnerability is a Stored XSS flaw in the plugin’s configuration panel preview boxes, where crafted label and references text can inject JavaScript code (via SCRIPT elements, event handlers, etc.). The stored paylo...
DEBIAN-CVE-2018-20662
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing...
UBUNTU-CVE-2018-20662
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing...
DEBIAN-CVE-2018-20481
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service NULL pointer dereference via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc...
Foxit Quick PDF Library Out-of-Bounds Memory Access Vulnerability
Foxit Quick PDF Library is China's Foxit Foxit Software Corporation, a PDF SDK Software Development Kit. The product is mainly used to create, render and edit PDF documents. An out-of-bounds memory access vulnerability exists in Foxit Quick PDF Library. An attacker could cause an access conflict ...
UBUNTU-CVE-2018-16647
In Artifex MuPDF 1.13.0, the pdfgetxrefentry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service segmentation fault in fzwritedata in fitz/output.c via a crafted pdf file...
PT-2018-13669 · Artifex +1 · Mupdf +1
Name of the Vulnerable Software and Affected Versions: Artifex MuPDF version 1.13.0 Description: The issue allows remote attackers to cause a denial of service, resulting in a segmentation fault, via a crafted pdf file. This occurs due to a problem in the pdf get xref entry function...
Artifex Software MuPDF Denial of Service Vulnerability
Artifex Software MuPDF is a free, lightweight PDF reader from Artifex Software, USA. A security vulnerability exists in the 'fzskipspace' function in the pdf/pdf-xref.c file in Artifex Software MuPDF version 1.13.0. A remote attacker can exploit this vulnerability to cause a denial of service wit...
LXR OS Command Injection Vulnerability
LXR is a general-purpose source code indexing and cross-referencing program. A security vulnerability exists in LXR versions 1.0.0 through 2.3.0. A remote attacker can exploit the vulnerability to execute arbitrary operating system commands...
Tuleap 'CVE-2018-7538' SQLi Vulnerability
Tuleap is prone to an SQL injection SQLi vulnerability in the tracker functionality. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...
DEBIAN-CVE-2018-7174
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams...
DEBIAN-CVE-2018-6544
pdfloadobjstm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document...
Resource Management Errors
Overview Affected versions of this package are vulnerable to Resource Management Errors. In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service vi...
Artifex MuPDF Numeric Error Vulnerability
Artifex MuPDF is a free, lightweight PDF reader from Artifex Software. An integer overflow vulnerability exists in the pdfreadnewxrefsection of the pdf/pdf-xref.c file in Artifex MuPDF version 1.11. A remote attacker can exploit this vulnerability to write data to an arbitrary memory location...
UBUNTU-CVE-2017-15587
An integer overflow was discovered in pdfreadnewxrefsection in pdf/pdf-xref.c in Artifex MuPDF 1.11...
catalog.hortonww.com XSS vulnerability
Vulnerable URL: http://catalog.hortonww.com/catalog/crossreference.asp?enginemfg=BORGWARNER=1/-///'/"//--...