Lucene search
K

6682 matches found

Cvelist
Cvelist
added 2017/07/12 5:0 p.m.31 views

CVE-2017-2818

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger th...

7.5CVSS8.7AI score0.01977EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2017/07/12 12:49 p.m.30 views

CVE-2017-2818

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger th...

8.8CVSS8.5AI score0.01977EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2017/07/12 12:49 p.m.37 views

CVE-2017-2814

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file ca...

8.8CVSS9AI score0.02716EPSS
Exploits1References2
CNVD
CNVD
added 2017/07/12 12:0 a.m.2 views

Poppler heap buffer overflow vulnerability (CNVD-2017-22665)

Poppler is a C++ class library for generating PDF, the library is inherited from Xpdf PDF reader. A heap buffer overflow vulnerability exists in the image rendering function in Poppler version 0.53.0. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial o...

8.8CVSS8.6AI score0.02716EPSS
Exploits1References1
CNVD
CNVD
added 2017/07/12 12:0 a.m.3 views

Poppler heap buffer overflow vulnerability (CNVD-2017-22666)

Poppler is a C++ class library for generating PDF, the library is inherited from Xpdf PDF reader. A heap buffer overflow vulnerability exists in the image rendering function in Poppler version 0.53.0. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial o...

8.8CVSS8.6AI score0.01977EPSS
Exploits1References1
Microsoft KB
Microsoft KB
added 2017/07/11 7:0 a.m.57 views

July 11, 2017—KB4025344 (OS Build 10586.1007)

July 11, 2017—KB4025344 OS Build 10586.1007 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue introduced by KB4032693 where Internet Explorer 11 may close unexpectedly when y...

10CVSS7.1AI score0.66911EPSS
Exploits14
Tenable Nessus
Tenable Nessus
added 2017/07/10 12:0 a.m.28 views

Fedora 25 : webkitgtk4 (2017-bff1b87765)

This update addresses the following vulnerabilities : - CVE-2017-2538 Additional fixes : - Fix web process deadlock when seeking youtube videos. - Fix blob downloads. - Improve theme rendering performance when using GTK+ = 3.20. - Fix positioning of popup menus in Wayland. - Fix JavaScriptCore...

8.8CVSS7.7AI score0.01827EPSS
Exploits0References2
myhack58
myhack58
added 2017/07/09 12:0 a.m.654 views

From PhantomJS picture rendering of XSS vulnerabilities to the SSRF/local file read vulnerability-vulnerability warning-the black bar safety net

One, Foreword Recently I was invited to study a vulnerability reward project, this project can be based on user input to generate a picture, in order for users to download. After a period time of exploring, I found a way to exploit the path, you can use the picture inside theXSSthe vulnerability ...

6.7AI score
Exploits0
GithubExploit
GithubExploit
added 2017/07/08 4:5 a.m.1 views

html-social-share-buttons

It is an HTML/CSS/JavaScript library for adding social media sha...

6.1AI score
Exploits0
Ubuntu
Ubuntu
added 2017/07/07 2:45 p.m.66 views

USN-3350-1: poppler vulnerabilities

Aleksandar Nikolic discovered that poppler incorrectly handled JPEG 2000 images. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. CVE-2017-28...

8.8CVSS6.5AI score0.04415EPSS
Exploits4
Fedora
Fedora
added 2017/07/07 7:21 a.m.26 views

[SECURITY] Fedora 25 Update: webkitgtk4-2.16.5-1.fc25

WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...

8.8CVSS1.8AI score0.01827EPSS
Exploits0
Talos
Talos
added 2017/07/07 12:0 a.m.76 views

Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability

Talos Vulnerability Report TALOS-2017-2818 Poppler PDF Image Display DCTStream::readProgressiveSOF Code Execution Vulnerability July 7, 2017 CVE Number CVE-2017-0319 Summary An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically...

7.5CVSS0.4AI score0.05566EPSS
Exploits2
Talos
Talos
added 2017/07/07 12:0 a.m.88 views

Poppler PDF Image Display DCTStream::readScan() Code Execution Vulnerability

Summary An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF...

8.8CVSS8.4AI score0.02716EPSS
Exploits1
Talos
Talos
added 2017/07/07 12:0 a.m.57 views

Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability

Summary An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to...

7.5CVSS8.3AI score0.05566EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2017/07/06 12:0 a.m.37 views

Debian DLA-1013-1 : graphite2 security update

Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed. For Debian 7 'Wheezy', these problems have been fixed in version 1.3.10-1deb7u1. We recommend that you...

9.8CVSS7.8AI score0.05216EPSS
Exploits6References9
Debian
Debian
added 2017/07/05 12:16 p.m.43 views

[SECURITY] [DLA 1013-1] graphite2 security update

Package : graphite2 Version : 1.3.10-1deb7u1 CVE ID : CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778 Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the...

9.8CVSS9.9AI score0.05216EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2017/06/30 12:0 a.m.13 views

openSUSE Security Update : libqt5-qtbase / libqt5-qtdeclarative (openSUSE-2017-731)

This update for libqt5-qtbase and libqt5-qtdeclarative fixes the following issues : This security issue was fixed : - Prevent potential information leak due to race condition in QSaveFile bsc1034005. These non-security issues were fixed : - Fixed crash in QPlainTextEdit - Fixed Burmese rendering...

5.4AI score
Exploits0References3
Ubuntu
Ubuntu
added 2017/06/29 7:58 a.m.95 views

USN-3342-1: Linux kernel vulnerabilities

USN 3326-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience. It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux...

7.8CVSS7AI score0.01372EPSS
Exploits7References2
OSV
OSV
added 2017/06/29 7:45 a.m.9 views

USN-3343-1 linux vulnerabilities

USN 3335-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience. It was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux...

7.8CVSS7.2AI score0.01598EPSS
Exploits7References12
Fedora
Fedora
added 2017/06/28 8:53 p.m.39 views

[SECURITY] Fedora 25 Update: graphite2-1.3.10-1.fc25

Graphite2 is a project within SIL=EF=BF=BD=EF=BF=BD=EF=BF=BDs Non-Roman Scr ipt Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create =EF=BF=BD=EF=BF =BD=EF=BF=BDsmart...

9.8CVSS1.8AI score0.05216EPSS
Exploits0
Rows per page
Query Builder