(Pwn2Own) Lexmark CX331adwe JBIG2 File Parsing new_image Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of JBIG2 files. The issue results from the lack of prop...

CVE-2023-38243 ZDI-CAN-21252: Adobe Acrobat Reader DC JBIG2 File Parsing Use-After-Free Information Disclosure Vulnerability

Adobe Acrobat Reader versions 23.003.20244 and earlier and 20.005.30467 and earlier are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requir...

CVE-2017-14579

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "Read Access Violation on Control Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000005b70."...

STDU Viewer Buffer Overflow Vulnerability (CNVD-2017-30110)

STDU Viewer is a free file viewer that supports multiple formats. The program supports TIFF, PDF, DjVu, XPS and WWF formats. A security vulnerability exists in STDU Viewer version 1.6.375. The vulnerability can be exploited to execute arbitrary code or cause a denial of service with the help of a...

CVE-2017-14294

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000566e."...

CVE-2017-14304

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e0."...

CVE-2017-14287

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "Read Access Violation on Control Flow starting at STDUJBIG2File+0x00000000000015eb."...

CVE-2017-7975

Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2buildhuffmantable function in jbig2huffman.c during operations on a crafted JBIG2 file, leading to a denial of service application crash or possibly execution of arbitrary code...

CVE-2017-7975

Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2buildhuffmantable function in jbig2huffman.c during operations on a crafted JBIG2 file, leading to a denial of service application crash or possibly execution of arbitrary code...

CVE-2017-7975

Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2buildhuffmantable function in jbig2huffman.c during operations on a crafted JBIG2 file, leading to a denial of service application crash or possibly execution of arbitrary code...

CVE-2017-7885

Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service application crash or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2decodesymboldict function in jbig2symboldict.c in libjbig2dec.a during operation on a craft...

CVE-2017-7885

Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service application crash or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2decodesymboldict function in jbig2symboldict.c in libjbig2dec.a during operation on a craft...

KLA10938 Information disclosure and bypass security restrictions vulnerability in Foxit Reader

A large out-of-bounds read vulnerability was found in Foxit PDF Reader 8.0.2.805. By exploiting this vulnerability malicious users can possibly obtain sensitive information. In combination with another vulnerability, this one can be used to leak heap memory and in bypassing ASLR. This vulnerabili...