660 matches found
CVE-2008-1693
The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, relate...
CVE-2008-1693
CVE-2008-1693 involves Poppler (and associated viewers such as Xpdf, Evince, gpdf, kdegraphics, xpdf) where CairoFont::create in CairoFontEngine.cc mishandles embedded PDF fonts, leading to possible remote code execution via a crafted font object. Root cause: dereferencing a function pointer tied...
CVE-2008-1693
The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, relate...
xpdf: embedded font vulnerability
The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, relate...
Important: Red Hat Security Advisory: poppler security update
Updated poppler packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a PDF rendering library, used by applications such as Evince. Kees Cook discovered ...
xpdf: embedded font vulnerability
The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, relate...
Debian: Security Advisory (DSA-1243-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 1243-1 (evince)
The remote host is missing an update to evince announced via advisory DSA 1243-1. Renaud Lifchitz discovered that gv, the PostScript and PDF viewer for X, performs insufficient boundary checks in the Postscript parsing code, which allows the execution of arbitrary code through a buffer overflow...
SuSE 10 Security Update : evince (ZYPP Patch Number 2358)
Specially crafted Postscript files could be used to execute arbitrary code by causing a buffer overflow in evince. CVE-2006-5864 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
GLSA-200711-22 : Poppler, KDE: User-assisted execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200711-22 Poppler, KDE: User-assisted execution of arbitrary code Alin Rad Pop Secunia Research discovered several vulnerabilities in the 'Stream.cc' file of Xpdf: An integer overflow in the DCTStream::reset method and a boundary...
Poppler, KDE: User-assisted execution of arbitrary code
Background Poppler is a cross-platform PDF rendering library originally based on Xpdf. KOffice is an integrated office suite for KDE. KWord is the KOffice word processor. KPDF is a KDE-based PDF viewer included in the kdegraphics package. Description Alin Rad Pop Secunia Research discovered sever...
Ubuntu 5.10 / 6.06 LTS / 6.10 : evince vulnerability (USN-390-2)
USN-390-1 fixed a vulnerability in evince. The original fix did not fully solve the problem, allowing for a denial of service in certain situations. A buffer overflow was discovered in the PostScript processor included in evince. By tricking a user into opening a specially crafted PS file, an...
Ubuntu 5.10 / 6.06 LTS / 6.10 : evince vulnerability (USN-390-1)
A buffer overflow was discovered in the PostScript processor included in evince. By tricking a user into opening a specially crafted PS file, an attacker could crash evince or execute arbitrary code with the user's privileges. Note that Tenable Network Security has extracted the preceding...
Ubuntu 6.06 LTS / 6.10 : evince-gtk vulnerability (USN-390-3)
USN-390-2 fixed vulnerabilities in evince. This update provides the corresponding update for evince-gtk. A buffer overflow was discovered in the PostScript processor included in evince. By tricking a user into opening a specially crafted PS file, an attacker could crash evince or execute arbitrar...
RHEL 5 : poppler (RHSA-2007:1026)
Updated poppler packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a PDF rendering library, used by applications such as evince. Alin Rad Pop...
Important: Red Hat Security Advisory: poppler security update
Updated poppler packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a PDF rendering library, used by applications such as evince. Alin Rad Pop...
openSUSE 10 Security Update : evince (evince-2362)
Specially crafted Postscript files could be used to execute arbitrary code by causing a buffer overflow in evince CVE-2006-5864. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update evince-2362. Th...
GLSA-200709-12 : Poppler: Two buffer overflow vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200709-12 Poppler: Two buffer overflow vulnerabilities Poppler and Xpdf are vulnerable to an integer overflow in the StreamPredictor::StreamPredictor function, and a stack overflow in the StreamPredictor::getNextLine function. The...
RHEL 5 : poppler (RHSA-2007:0732)
Updated poppler packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a PDF rendering library, used by applications such as evince. Maury...
GLSA-200704-06 : Evince: Stack overflow in included gv code
The remote host is affected by the vulnerability described in GLSA-200704-06 Evince: Stack overflow in included gv code Evince includes code from GNU gv that does not properly boundary check user-supplied data before copying it into process buffers. Impact : An attacker could entice a user to ope...