SUSE CVE-2018-20650
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class in FileSpec.cc in pdfdetach...
poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class in FileSpec.cc in pdfdetach...
PT-2018-14773 · Poppler +4
Name of the Vulnerable Software and Affected Versions: Poppler version 0.71.0 Description: The issue is related to an out-of-bounds read in the EmbFile::save2 function in FileSpec.cc. This can lead to a denial of service. The problem is demonstrated by the utils/pdfdetach.cc utility not validatin...
Fedora 22 : perl-PathTools-3.47-312.fc22 (2016-4ca904238f)
This release fixes CVE-2015-8607 losing taint flag in File::Spec::canonpath subroutine. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible witho...
[SECURITY] Fedora 22 Update: perl-PathTools-3.47-312.fc22
This is the combined distribution for the File::Spec and Cwd modules...
Ubuntu 15.04 / 15.10 : perl vulnerability (USN-2878-1)
David Golden discovered that the canonpath function in the Perl File::Spec module did not properly preserve the taint attribute. An attacker could possibly use this issue to bypass the taint protection mechanism. Note that Tenable Network Security has extracted the preceding description block...
Ubuntu: Security Advisory (USN-2878-1)
The remote host is missing an update for the...
Updated perl and perl-PathTools packages fix security vulnerability
It was reported that File::Spec::canonpath routine returns untainted strings even if passed tainted input. This defect undermines the guarantee of taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code (CVE-2015-8607)...
PathTools Security Mechanism Bypass Vulnerability
Perl is a free and powerful cross-platform programming language. PathTools is a set of pattern matching tools for system file paths. The 'canonpath' function in the File::Spec module of PathTools used in Perl fails to properly preserve the taint attribute of the data, allowing remote attackers to...
[SECURITY] Fedora 23 Update: perl-PathTools-3.60-2.fc23
This is the combined distribution for the File::Spec and Cwd modules...
DEBIAN-CVE-2015-8607
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string...
CVE-2015-8607
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string...
Design/Logic Flaw
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string...
CVE-2015-8607
CVE-2015-8607 affects the Perl PathTools package, specifically the File::Spec::canonpath() function. The taint propagation bug can cause tainted input to be treated as untainted, potentially allowing unvalidated user data to reach sensitive code paths. The issue is observed in Perl environments u...
CVE-2015-8607
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string...
CVE-2015-8607
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string...
[SECURITY] [DSA 3441-1] perl security update
Debian Security Advisory DSA-3441-1 · https://www.debian.org/security/ · Salvatore Bonaccorso · January 11, 2016 · https://www.debian.org/security/faq ...
DSA-3441-1 perl - security update
Bulletin has no description...
Debian Security Advisory DSA 3441-1 (perl - security update)
David Golden of MongoDB discovered that File::Spec::canonpath in Perl returned untainted strings even if passed tainted input. This defect undermines taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code. The oldstable distribution wheezy i...
p5-PathTools -- File::Spec::canonpath loses taint
Ricardo Signes reports: Beginning in PathTools 3.47 and/or perl 5.20.0, the File::Spec::canonpath routine returned untainted strings even if passed tainted input. This defect undermines the guarantee of taint propagation, which is sometimes used to ensure that unvalidated user input does not reach...