35 matches found

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-13105

Malware in sbrugna...

CVSS 6.5 | AI score 7.8 | EPSS 0.0195
Exploits 1 | References 9

SUSE CVE
added 2023/02/15 4:39 a.m. | 2 views

SUSE CVE-2017-14926

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document...

CVSS 5.5 | AI score 6.9 | EPSS 0.00674
Exploits 0 | References 3

SUSE CVE
added 2023/02/15 4:21 a.m. | 2 views

SUSE CVE-2018-20551

A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c...

CVSS 3.3 | AI score 9.1 | EPSS 0.0195
Exploits 1 | References 5

OSV
added 2021/09/22 5:26 p.m. | 1 views

DRUPAL-CONTRIB-2021-041

This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content. This module has a vulnerability whereby users can select blocks as a menu item they don't have permission to view. The vulnerability is mitigated by the fact that it can on...

AI score 6.8
Exploits 0 | References 1

OSV
added 2021/09/22 5:26 p.m. | 2 views

DRUPAL-CONTRIB-2021-040

This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content. The module does not use CSRF tokens to protect routes for saving menu configurations. This vulnerability can be exploited by an anonymous user...

AI score 6.8
Exploits 0 | References 1

OSV
added 2021/09/22 5:26 p.m. | 1 views

DRUPAL-CONTRIB-2021-039

This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content. It does not sufficiently sanitize user input such that an admin with permissions to edit a menu may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities...

AI score 6.5
Exploits 0 | References 1

Drupal
added 2021/09/22 12:0 a.m. | 17 views

The Better Mega Menu - Moderately critical - Cross Site Scripting - SA-CONTRIB-2021-039

This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content. It does not sufficiently sanitize user input such that an admin with permissions to edit a menu may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities...

AI score 6.2
Exploits 0 | References 9

Drupal
added 2021/09/22 12:0 a.m. | 16 views

The Better Mega Menu - Moderately critical - Access bypass - SA-CONTRIB-2021-041

This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content. This module has a vulnerability whereby users can select blocks as a menu item they don't have permission to view. The vulnerability is mitigated by the fact that it can on...

AI score 6.5
Exploits 0 | References 6

Drupal
added 2021/09/22 12:0 a.m. | 15 views

The Better Mega Menu - Moderately critical - Cross Site Scripting, Information Disclosure, Multiple vulnerabilities - SA-CONTRIB-2021-038

This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content. The module does not sanitize values for CSS properties that are added by admins and rendered on the front-end, allowing attackers to inject malicious code into the front-en...

AI score 6.8
Exploits 0 | References 6

CNVD
added 2021/09/14 12:0 a.m. | 15 views

GPAC null pointer dereference vulnerability (CNVD-2021-79756)

GPAC is a multimedia framework for rich media and is distributed under the LGPL license. A null pointer dereference vulnerability exists in the trakboxsize function in GPAC version 1.0.1. An attacker could exploit this vulnerability to cause a denial of service via a specially crafted file in the...

CVSS 4.3 | AI score 5.7 | EPSS 0.00807
Exploits 1 | Affected Software 1

CNVD
added 2021/09/14 12:0 a.m. | 21 views

GPAC Memory Leak Vulnerability (CNVD-2021-79761)

GPAC is a multimedia framework for rich media and is distributed under the LGPL license. A memory leak vulnerability exists in the afraboxread function in MP4Box in GPAC version 1.0.1. An attacker could exploit the vulnerability to read memory via specially crafted files...

CVSS 4.3 | AI score 5.7 | EPSS 0.00927
Exploits 1 | Affected Software 1

RedHat Linux
added 2019/09/12 12:17 p.m. | 3 views

poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c

A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c...

CVSS 6.5 | AI score 5.8 | EPSS 0.0195
Exploits 1 | References 4

Oracle linux
added 2019/09/12 12:0 a.m. | 95 views

poppler security update

0.66.0-11.el80.12 - Ignore dict Length if it is broken - Resolves: 1741146 0.66.0-11.el80.11 - Check whether input is RGB in PSOutputDev::checkPageSlice - also when using '-optimizecolorspace' flag - Resolves: 1741145 0.66.0-11.el80.10 - Fail gracefully if not all components of JPEG2000Stream -...

CVSS 9.8 | AI score 1.1 | EPSS 0.03518
Exploits 8

NVD
added 2018/12/28 4:29 p.m. | 22 views

CVE-2018-20551

A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c...

CVSS 6.5 | AI score 6.3 | EPSS 0.0195
Exploits 1 | References 4

OSV
added 2018/12/28 4:29 p.m. | 28 views

CVE-2018-20551

A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c...

CVSS 6.5 | AI score 6.4
Exploits 0 | References 4

OSV
added 2018/12/28 4:29 p.m. | 0 views

DEBIAN-CVE-2018-20551

A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c...

CVSS 6.5 | AI score 6.3 | EPSS 0.0195
Exploits 1 | References 1

Cvelist
added 2018/12/28 4:0 a.m. | 43 views

CVE-2018-20551

A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c...

AI score 6.6 | EPSS 0.0195
Exploits 1 | References 4

CVE
added 2018/12/28 4:0 a.m. | 163 views

CVE-2018-20551

CVE-2018-20551 affects Poppler, specifically an exploit in AnnotRichMedia in Annot.c (Poppler 0.72.0) where a reachable Object::getString assertion can be triggered by crafted rich-media annotations, enabling denial of service. The issue is echoed across multiple security advisories (Ubuntu USN-3...

CVSS 6.5 | AI score 6.4 | EPSS 0.0195
Exploits 1 | References 4 | Affected Software 1

Debian CVE
added 2018/12/28 4:0 a.m. | 33 views

CVE-2018-20551

A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c...

CVSS 6.5 | AI score 6.5 | EPSS 0.0195
Exploits 1

CNVD
added 2018/12/28 12:0 a.m. | 3 views

Poppler Object::getString reachable assertion vulnerability

Poppler is a PDF rendering library based on the xpdf-3.0 code base. A reachable assertion vulnerability exists in Object::getString in Poppler 0.72.0. The vulnerability stems from the construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c; an attacker can use the...

CVSS 6.5 | AI score 7.8 | EPSS 0.0195
Exploits 1 | References 1