154 matches found

AlpineLinux
added 2020/06/04 2:53 p.m. · 15 views

CVE-2020-13808

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data...

CVSS 7.5 · AI score 6.9 · EPSS 0.0153
Exploits 0 · References 1

RedHat Linux
added 2019/09/12 12:17 p.m. · 3 views

poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc...

CVSS 6.5 · AI score 5.9 · EPSS 0.03422
Exploits 1 · References 4

OSV
added 2019/01/31 9:29 a.m. · 2 views

CVE-2019-7250

An issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code via SCRIPT elements, event handlers, etc. Since this code...

CVSS 6.1 · AI score 5.9 · EPSS 0.00826
Exploits 1 · References 1

NVD
added 2019/01/31 9:29 a.m. · 15 views

CVE-2019-7250

An issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code via SCRIPT elements, event handlers, etc. Since this code...

CVSS 6.1 · AI score 5.9 · EPSS 0.00826
Exploits 1 · References 1

CVE
added 2019/01/31 8:0 a.m. · 38 views

CVE-2019-7250

The CVE-2019-7250 issue affects the Cross Reference Add-on 36 for Google Docs. The vulnerability is a Stored XSS flaw in the plugin’s configuration panel preview boxes, where crafted label and references text can inject JavaScript code (via SCRIPT elements, event handlers, etc.). The stored paylo...

CVSS 6.1 · AI score 5.8 · EPSS 0.00826
Exploits 1 · References 1 · Affected Software 1

OSV
added 2019/01/03 1:29 p.m. · 1 views

DEBIAN-CVE-2018-20662

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing...

CVSS 6.5 · AI score 7.2 · EPSS 0.02243
Exploits 0 · References 1

OSV
added 2019/01/03 12:0 a.m. · 2 views

UBUNTU-CVE-2018-20662

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing...

CVSS 6.5 · AI score 6.8 · EPSS 0.02243
Exploits 0 · References 3

OSV
added 2018/12/26 4:29 a.m. · 1 views

DEBIAN-CVE-2018-20481

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc...

CVSS 6.5 · AI score 7.1 · EPSS 0.03422
Exploits 1 · References 1

CNVD
added 2018/12/25 12:0 a.m. · 2 views

Foxit Quick PDF Library Out-of-Bounds Memory Access Vulnerability

Foxit Quick PDF Library is a PDF SDK (software development kit) from China's Foxit Software Corporation. The product is mainly used to create, render and edit PDF documents. An out-of-bounds memory access vulnerability exists in Foxit Quick PDF Library. An attacker could cause an access conflict ...

CVSS 9.8 · AI score 6.9 · EPSS 0.01652
Exploits 0 · References 1

OSV
added 2018/09/06 11:29 p.m. · 1 views

UBUNTU-CVE-2018-16647

In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file...

CVSS 5.5 · AI score 5.8 · EPSS 0.0147
Exploits 1 · References 5

Positive Technologies
added 2018/09/06 12:0 a.m. · 4 views

PT-2018-13669 · Artifex +1 · Mupdf +1

Name of the Vulnerable Software and Affected Versions: Artifex MuPDF version 1.13.0 Description: The issue allows remote attackers to cause a denial of service, resulting in a segmentation fault, via a crafted pdf file. This occurs due to a problem in the pdf get xref entry function...

CVSS 9.8 · AI score 6.5 · EPSS 0.15181
Exploits 19 · References 60

CNVD
added 2018/04/24 12:0 a.m. · 3 views

Artifex Software MuPDF Denial of Service Vulnerability

Artifex Software MuPDF is a free, lightweight PDF reader from Artifex Software, USA. A security vulnerability exists in the 'fz_skip_space' function in the pdf/pdf-xref.c file in Artifex Software MuPDF version 1.13.0. A remote attacker can exploit this vulnerability to cause a denial of service wit...

CVSS 5.5 · AI score 6.8 · EPSS 0.0106
Exploits 1 · References 1

CNVD
added 2018/04/11 12:0 a.m. · 3 views

LXR OS Command Injection Vulnerability

LXR is a general-purpose source code indexing and cross-referencing program. A security vulnerability exists in LXR versions 1.0.0 through 2.3.0. A remote attacker can exploit the vulnerability to execute arbitrary operating system commands...

CVSS 10 · AI score 7.7 · EPSS 0.03117
Exploits 0 · References 1

OpenVAS
added 2018/03/14 12:0 a.m. · 32 views

Tuleap 'CVE-2018-7538' SQLi Vulnerability

Tuleap is prone to an SQL injection (SQLi) vulnerability in the tracker functionality. Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

CVSS 9.8 · AI score 8.1 · EPSS 0.04462
Exploits 6 · References 2

OSV
added 2018/02/15 9:29 p.m. · 2 views

DEBIAN-CVE-2018-7174

An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams...

CVSS 5.5 · AI score 6.8 · EPSS 0.00846
Exploits 0 · References 1

OSV
added 2018/02/02 9:29 a.m. · 2 views

DEBIAN-CVE-2018-6544

pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document...

CVSS 5.5 · AI score 6.7 · EPSS 0.01601
Exploits 1 · References 1

Snyk
added 2018/01/08 7:29 a.m. · 1 views

Resource Management Errors

Overview Affected versions of this package are vulnerable to Resource Management Errors. In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service vi...

CVSS 5.5 · AI score 6.8 · EPSS 0.01044
Exploits 1 · References 2

CNVD
added 2017/10/19 12:0 a.m. · 4 views

Artifex MuPDF Numeric Error Vulnerability

Artifex MuPDF is a free, lightweight PDF reader from Artifex Software. An integer overflow vulnerability exists in the pdf_read_new_xref_section of the pdf/pdf-xref.c file in Artifex MuPDF version 1.11. A remote attacker can exploit this vulnerability to write data to an arbitrary memory location...

CVSS 7.8 · AI score 7.7 · EPSS 0.00997
Exploits 0 · References 1

OSV
added 2017/10/18 8:29 a.m. · 4 views

UBUNTU-CVE-2017-15587

An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11...

CVSS 7.8 · AI score 7.1 · EPSS 0.00997
Exploits 0 · References 5

Openbugbounty
added 2017/06/28 2:22 p.m. · 8 views

catalog.hortonww.com XSS vulnerability

Vulnerable URL: http://catalog.hortonww.com/catalog/crossreference.asp?enginemfg=BORGWARNER=1/-///'/"//--...

AI score 6.9
Exploits 0