SUSE-SU-2023:4546-1 Security update for poppler
This update for poppler fixes the following issues: - CVE-2019-9545: Fixed a potential crash due to uncontrolled recursion in the JBIG parser (bsc#1128114). - CVE-2019-9631: Fixed an out of bounds read when converting a PDF to an image (bsc#1129202). - CVE-2022-37052: Fixed a reachable assertion when...
A vulnerability in the PDF processing library PyPDF2, related to algorithmic complexity, allows attackers to cause a denial of service.
A vulnerability in the PyPDF2 library for processing PDF files is related to algorithmic complexity. Exploiting this vulnerability could allow a malicious actor to cause a denial of service...
A vulnerability in Python libraries for working with PDF files, such as PyPDF and PyPDF2, relates to the execution of loops with an unreachable exit condition. This allows attackers to cause a denial of service.
A vulnerability in Python libraries for working with PDF files, such as PyPDF and PyPDF2, is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability can allow an attacker to cause a denial of service...
Microsoft Edge Resource Management Error Vulnerability
Microsoft Edge is a web browser from Microsoft Corporation (USA) that ships with systems from Windows 10 onward. A resource management error vulnerability exists in Microsoft Edge versions 79.0.309.71 through 118.0.2088.69, which stems from a boundary error when processing PDF files, allowing remote...
A vulnerability in the Kofax Power PDF Advanced software, which is used for creating, converting, editing, and publishing PDF files, relates to operations performed outside the bounds of a memory buffer. This vulnerability allows an attacker to execute arbitrary code.
A vulnerability in the Kofax Power PDF Advanced software for creating, converting, editing, and publishing PDF files stems from operations performed outside the bounds of a memory buffer during PDF file processing. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
A vulnerability in the Kofax Power PDF Advanced software, which is used for creating, converting, editing, and publishing PDF files, relates to operations performed outside the bounds of a memory buffer. This vulnerability allows an attacker to execute arbitrary code.
A vulnerability in the Kofax Power PDF Advanced software for creating, converting, editing, and publishing PDF files stems from operations performed outside the bounds of a memory buffer during PDF file processing. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
Input validation
Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input...
A vulnerability in the PDF processing components of the Google Chrome browser allows attackers to compromise the confidentiality, integrity, and availability of protected information.
A vulnerability in the PDF processing components of the Google Chrome browser relates to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and availability of protected information through a specially crafted HTML page...
USN-6200-1 imagemagick vulnerabilities
It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-29599) It was...
A vulnerability in PDF-XChange, a program for viewing and editing PDF documents, lies in operations performed outside the bounds of a memory buffer, allowing an attacker to execute arbitrary code.
A vulnerability in the PDF-XChange viewer and editor program relates to operations going beyond the bounds of a memory buffer when processing PDF files. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created malicious link or a specially...
SUSE: Security Advisory (SUSE-SU-2023:0677-1)
The remote host is missing an update for the...
DEBIAN-CVE-2023-1530
Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2023-0933
Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: Medium...
K25359902: BIG-IP AAM security vulnerability CVE-2019-6601
Security Advisory Description: The BIG-IP AAM wamd process used in the processing of images and PDFs fails to drop group permissions when executing helper scripts. (CVE-2019-6601) Impact: This issue does not have a direct exploit, but may be used in unknown ways when targeting the BIG-IP AAM module...
SUSE CVE-2017-18184
An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc...
SUSE CVE-2021-30860
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this...
CVE-2022-41957 muhammara vulnerable to Unchecked Return Value to NULL Pointer Dereference
Muhammara is a node module with C/C++ bindings to modify PDF with JavaScript for node or electron. The package muhammara before 2.6.2 and from 3.0.0 and before 3.3.0, as well as all versions of muhammara's predecessor package hummus, are vulnerable to Denial of Service (DoS) when supplied with a...
USN-5736-2 imagemagick vulnerabilities
USN-5736-1 fixed vulnerabilities in ImageMagick. This update provides the corresponding updates for Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. One of the issues, CVE-2021-20224, only affected Ubuntu 20.04 ESM, while CVE-2021-20245, CVE-2021-3574, CVE-2021-4219 and CVE-2022-1114 only affected Ubuntu...
MGASA-2022-0386 Updated poppler packages fix security vulnerability
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described...
A vulnerability in the JBIG2Stream::readTextRegionSeg() function of the JBIG2 decoder used by Poppler to render PDF files allows a malicious actor to cause a denial of service or execute arbitrary code.
A vulnerability in the JBIG2Stream::readTextRegionSeg function of the JBIG2 decoder used by Poppler to process PDF files is related to integer overflow. Exploiting this vulnerability could allow an attacker to cause a denial of service or execute arbitrary code by opening a specially created PDF...