CVE-2009-3604

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted P...

CVE-2009-3604

CVE-2009-3604 affects Xpdf 2.x/3.x up to 3.02pl4 and Poppler 0.x, used in GPdf and kdegraphics KPDF. The root cause is improper memory allocation in Splash::drawImage, which may trigger a NULL pointer dereference or a heap-based buffer overflow when parsing crafted PDFs. Consequences include deni...

CVE-2009-3608

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based...

CVE-2009-3617

Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service application crash via format string specifiers in a download URI. NOTE: som...

Mandriva Linux Security Advisory : cups (MDVSA-2009:282-1)

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service crash via a crafted PDF file, related to 1 JBIG2Stream::readSymbolDictSeg, 2 JBIG2Stream::readSymbolDictSeg, and 3...

CVE-2009-2994

Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors...

CVE-2009-2991

Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors...

CVE-2009-3462

Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug."...

CVE-2009-3711

Stack-based buffer overflow in the hhandlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long HTTP GET request...

Heap overflow

Heap-based buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via 1 a crafted ASF file or 2 crafted streaming content, aka "WMP Heap Overflow Vulnerability."...

Mandrake Security Advisory MDVSA-2009:260 (imagemagick)

The remote host is missing an update to imagemagick announced via advisory MDVSA-2009:260. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

CVE-2009-3663

Format string vulnerability in the hreadrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service crash or execute arbitrary code via format string specifiers in the Host header...

CVE-2009-3663

Format string vulnerability in the hreadrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service crash or execute arbitrary code via format string specifiers in the Host header...

CVE-2009-3575

Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and other versions allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unknown vectors...

CVE-2009-3574

CVE-2009-3574 affects Tuniac 090517c. The vulnerability is triggered by a long File1 argument in a .pls playlist file, described as possibly causing a buffer overflow. Consequences cited include remote denial of service (crash) and potential arbitrary code execution. Connected sources (NVD and CV...

CVE-2009-3537

Multiple stack-based buffer overflows in EpicDJSoftware EpicDJ 1.3.9.1 allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a long string in a 1 .m3u or 2 .mpl playlist file...

Mandriva Linux Security Advisory : graphviz (MDVSA-2009:254-1)

A vulnerability was discovered and corrected in graphviz : Stack-based buffer overflow in the pushsubg function in parser.y lib/graph/parser.c in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service memory corruption or execute arbitra...

CVE-2009-3484

Stack-based buffer overflow in Core FTP 2.1 build 1612 allows user-assisted remote attackers to execute arbitrary code via a long hostname in an FTP server entry in a site backup file. NOTE: some of these details are obtained from third party information...

CVE-2009-3364

Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote FTP servers to execute arbitrary code via a long response to a PASV command...

Remote file inclusion

PHP remote file inclusion vulnerability in pages/pageHeader.php in OpenSiteAdmin 0.9.7 BETA allows remote attackers to execute arbitrary PHP code via a URL in the path parameter, a different vector than CVE-2008-0648...