110 matches found
USN-5438-1 htmldoc vulnerability
It was discovered that HTMLDOC did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted HTML file, a remote attacker could possibly use this issue to cause HTMLDOC to crash, resulting in a denial of service, or possibly execute arbitrary...
OESA-2022-1560 ghostscript security update
Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: A trivial sandbox enabled with the -dSAFER option escape flaw was found in the ghostscript interpreter by injecting...
CVE-2021-25636
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to...
libsixel缓冲区错误漏洞
libsixel is a package that provides encoding/decoding implementations for DEC SIXEL graphics and other converter programs. libsixel suffers from an invalid read vulnerability that can be exploited by attackers to cause a denial of service DOS via a specially crafted PSD file...
The vulnerability of the Apache OpenOffice office software, related to errors in processing hypertext links, allows a hacker to execute arbitrary code.
The vulnerability of the Apache OpenOffice office software is related to errors in processing hypertext links. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted link within a document...
The vulnerability of PDF viewing and editing programs like Adobe Acrobat Document Cloud and Acrobat Reader Document Cloud lies in the possibility of out-of-buffer operations in memory, allowing attackers to execute arbitrary code.
The vulnerability of PDF viewing and editing programs like Adobe Acrobat Document Cloud and Acrobat Reader Document Cloud lies in the execution of operations beyond the buffer limits in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
SeedDMS 跨站请求伪造漏洞
SeedDMS is a free document management system with an easy-to-use web-based user interface. A cross-site request forgery vulnerability exists in out.EditDocument.php in SeedDMS 5.1.. An attacker can exploit this vulnerability to edit a victim's document...
USN-4696-1 htmldoc vulnerability
It was discovered that HTMLDOC incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a denial of service...
Foxit PhantomPDF Remote Code Execution Vulnerability (CNVD-2020-62459)
PhantomPDF is a Chinese Foxit Foxit company for enterprise-level users of PDF document processing software. A remote code execution vulnerability exists in Foxit PhantomPDF's handling of U3D objects embedded in PDF files. The vulnerability stems from improper validation of user-supplied data. An...
The vulnerability of the ww8par2.cxx filter in the OpenOffice office suite allows a hacker to gain access to confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of the ww8par2.cxx filter in the OpenOffice office suite is related to an error in the sprmTSetBrc property modifier in documents. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data, compromise its integrity, and cause service failures...
CVE-2019-19496
Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document...
CVE-2018-3983
An exploitable uninitialized pointer vulnerability exists in the Word document parser of the the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then performs some arithmetic before writing a value to the result. Usage of this...
USN-4138-1 libreoffice vulnerability
It was discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary code...
PT-2019-19432 · Podofo +2 · Podofo +2
Name of the Vulnerable Software and Affected Versions: PoDoFo version 0.9.6 Description: The issue is related to a NULL pointer dereference in the setSource function, which can be triggered by sending a crafted PDF file. This can cause a Denial of Service Segmentation fault or possibly have other...
Microsoft XmlDocument Class Privilege Vulnerability
Microsoft Windows 10, etc. are a series of operating systems released by Microsoft Corporation in the U.S. The XmlDocument class is one of the classes used to load XML into the document object model. An elevation vulnerability exists in the Microsoft XmlDocument class that can be exploited by a...
Adobe Acrobat and Reader Arbitrary Code Execution Vulnerability (CNVD-2018-21100)
Adobe Acrobat and Reader are the United States of America Audobee Adobe company's products. The former is a set of PDF file editing and conversion tools, the latter is a set of PDF document reading software. Adobe Acrobat and Reader security vulnerabilities exist. Remote attackers can exploit the...
Adobe Acrobat and Reader Heap Overflow Vulnerability (CNVD-2019-05311)
Adobe Acrobat and Reader are the United States of America Audobee Adobe company's products. The former is a set of PDF file editing and conversion tools, the latter is a set of PDF document reading software. Adobe Acrobat and Reader in the existence of a heap overflow vulnerability. A remote...
Iceni Argus Buffer Overflow Vulnerability
Iceni Argus is the British Iceni company's set of PDF document type conversion tool. Iceni Argus 6.6.05 version of the 'ipStringCreate' function there is a heap buffer overflow vulnerability, an attacker can send specially crafted pdf files to exploit the vulnerability caused by heap corruption,...
Polaris office 2017 suffers from a denial of service vulnerability (CNVD-2018-02908)
Polaris Office is an office software developed by INFRAWARE, a South Korean company. You can view and edit Word documents, Excel tables, Microsoft Office PowerPoint slides and other commonly used office documents. A denial of service vulnerability exists in the Polaris office 2017 executable...
Apache OpenOffice DOC File Parsing Remote Code Execution Vulnerability
Apache OpenOffice is open and free word processing software. The OpenOffice Writer DOC file parser and WW8Fonts constructor handles DOC file vulnerabilities, allowing remote attackers to exploit the vulnerability by submitting a special file and tricking the user into parsing it, which can crash...