6682 matches found
CVE-2017-2818
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger th...
CVE-2017-2814
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file ca...
Poppler heap buffer overflow vulnerability (CNVD-2017-22665)
Poppler is a C++ class library for generating PDF; the library is inherited from the Xpdf PDF reader. A heap buffer overflow vulnerability exists in the image rendering function in Poppler version 0.53.0. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial o...
Poppler heap buffer overflow vulnerability (CNVD-2017-22666)
Poppler is a C++ class library for generating PDF; the library is inherited from the Xpdf PDF reader. A heap buffer overflow vulnerability exists in the image rendering function in Poppler version 0.53.0. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial o...
July 11, 2017—KB4025344 (OS Build 10586.1007)
July 11, 2017—KB4025344 OS Build 10586.1007 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue introduced by KB4032693 where Internet Explorer 11 may close unexpectedly when y...
Fedora 25 : webkitgtk4 (2017-bff1b87765)
This update addresses the following vulnerabilities : - CVE-2017-2538 Additional fixes : - Fix web process deadlock when seeking youtube videos. - Fix blob downloads. - Improve theme rendering performance when using GTK+ = 3.20. - Fix positioning of popup menus in Wayland. - Fix JavaScriptCore...
From PhantomJS picture rendering of XSS vulnerabilities to the SSRF/local file read vulnerability-vulnerability warning-the black bar safety net
1. Foreword. Recently I was invited to study a vulnerability reward project. This project can generate a picture based on user input, for users to download. After a period of exploring, I found an exploitation path: you can use the XSS vulnerability inside the picture ...
html-social-share-buttons
It is an HTML/CSS/JavaScript library for adding social media sha...
USN-3350-1: poppler vulnerabilities
Aleksandar Nikolic discovered that poppler incorrectly handled JPEG 2000 images. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. CVE-2017-28...
[SECURITY] Fedora 25 Update: webkitgtk4-2.16.5-1.fc25
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...
Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability
Talos Vulnerability Report TALOS-2017-2818 Poppler PDF Image Display DCTStream::readProgressiveSOF Code Execution Vulnerability July 7, 2017 CVE Number CVE-2017-0319 Summary An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically...
Poppler PDF Image Display DCTStream::readScan() Code Execution Vulnerability
Summary An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF...
Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability
Summary An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to...
Debian DLA-1013-1 : graphite2 security update
Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed. For Debian 7 'Wheezy', these problems have been fixed in version 1.3.10-1deb7u1. We recommend that you...
[SECURITY] [DLA 1013-1] graphite2 security update
Package : graphite2 Version : 1.3.10-1deb7u1 CVE ID : CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778 Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the...
openSUSE Security Update : libqt5-qtbase / libqt5-qtdeclarative (openSUSE-2017-731)
This update for libqt5-qtbase and libqt5-qtdeclarative fixes the following issues : This security issue was fixed : - Prevent potential information leak due to race condition in QSaveFile bsc1034005. These non-security issues were fixed : - Fixed crash in QPlainTextEdit - Fixed Burmese rendering...
USN-3342-1: Linux kernel vulnerabilities
USN 3326-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience. It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux...
USN-3343-1 linux vulnerabilities
USN 3335-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience. It was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux...
[SECURITY] Fedora 25 Update: graphite2-1.3.10-1.fc25
Graphite2 is a project within SIL's Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create "smart...