OSV-2026-504 Heap-use-after-free in ObjectStream::getObject

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=498251261 Crash type: Heap-use-after-free READ 4 Crash state: ObjectStream::getObject XRef::fetch XRef::fetch...

MiracleLinux 7 : java-11-openjdk-11.0.7.10-4.el7 (AXSA:2020-011:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-011:04 advisory. OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 OpenJDK: Incorrect type checks in MethodType.readObject Libraries,...

CVE-2020-23879

pdf2json v0.71 was discovered to contain a NULL pointer dereference in the component ObjectStream::getObject...

EUVD-2020-16616

Malware in sbrugna...

EUVD-2020-11369

Malware in sbrugna...

CVE-2020-19465

An issue has been found in function ObjectStream::getObject in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 4...

SUSE CVE-2009-3608

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based...

PDF2JSON code problem vulnerability

PDF2JSON is a Java-based code library that allows PDF files to interact with Json files. PDF2JSON has a code problem vulnerability that stems from the discovery that pdf2json v0.71 contains a null pointer dereference in the component ObjectStream::getObject. No detailed vulnerability details are...

CVE-2020-23879

pdf2json v0.71 was discovered to contain a NULL pointer dereference in the component ObjectStream::getObject...

CVE-2020-23879

pdf2json v0.71 was discovered to contain a NULL pointer dereference in the component ObjectStream::getObject...

Null pointer dereference

pdf2json v0.71 was discovered to contain a NULL pointer dereference in the component ObjectStream::getObject...

CVE-2020-23879

CVE-2020-23879 affects pdf2json v0.71, with a NULL pointer dereference in ObjectStream::getObject. The vulnerability is documented across multiple feeds (NVD entry and Red Hat/CNVD/etc.), but the connected documents do not specify a vendor patch or remediation version. Impact details from NVD ind...

CVE-2020-23879

pdf2json v0.71 was discovered to contain a NULL pointer dereference in the component ObjectStream::getObject...

CVE-2020-19465

An issue has been found in function ObjectStream::getObject in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 4...

CVE-2020-19465

An issue has been found in function ObjectStream::getObject in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 4...

Design/Logic Flaw

An issue has been found in function ObjectStream::getObject in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 4...

CVE-2020-19465

CVE-2020-19465 concerns PDF2JSON 0.70, where the vulnerability resides in the function ObjectStream::getObject. The issue enables a Denial of Service via an invalid read of size 4 in the parsing path. This is a software-level bug within PDF2JSON's object stream handling, not an authentication or ...

Oracle Linux 5 : cups (ELSA-2009-1513)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-1513 advisory. - Include NULL pointer check in ObjectStream::getObject. Part of the fix for CVE-2009-3608 bug 526637. Tenable has extracted the preceding description...

SuSE 10 Security Update : poppler (ZYPP Patch Number 6743)

This update of poppler fixes two security issues : - Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via ...

Debian: Security Advisory (DSA-2028-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...