1182 matches found
CVE-2019-16115
In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause...
CVE-2019-16115
In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause...
CVE-2019-16115
In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause...
UBUNTU-CVE-2019-16115
In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause...
CVE-2019-16115
In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause...
PT-2019-14519 · Foolabs +1 · Xpdf +1
Name of the Vulnerable Software and Affected Versions: Xpdf version 4.01.01 Description: A stack-based buffer under-read issue exists in the IdentityFunction::transform function in Function.cc, which is used by GfxAxialShading::getColor. This issue can be triggered by sending a crafted PDF docume...
Xpdf heap buffer overflow vulnerability (CNVD-2019-21456)
Xpdf is an open source PDF reader from Foo Labs. The product supports decoding LZW compressed format files and read encrypted PDF files. A buffer overflow vulnerability exists in the SampledFunction::transform of the Function.cc file in Xpdf version 4.01.01. The vulnerability originates when a...
CVE-2019-13282
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause...
Heap overflow
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause...
CVE-2019-13282
Technical details about CVE-2019-13282 are not publicly provided in the connected documents; the available materials mention the issue in Xpdf 4.01.01 but do not share affected components, exploit methods, or fixes.
CVE-2019-13282
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause...
CVE-2019-13282
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause...
PT-2019-13236 · Xpdf · Xpdf
Name of the Vulnerable Software and Affected Versions: Xpdf version 4.01.01 Description: A heap-based buffer over-read issue can be triggered in the SampledFunction::transform function when using a large index for samples, potentially allowing an attacker to cause Denial of Service or an...
UBUNTU-CVE-2019-12493
A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allo...
Stack overflow
A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allo...
DEBIAN-CVE-2019-12493
A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allo...
Xpdf Buffer Error Vulnerability
Xpdf is an open source PDF reader from Foo Labs. The product supports decoding LZW compressed format files and read encrypted PDF files. A buffer error vulnerability exists in the 'PostScriptFunction::transform' function of the Function.cc file in Xpdf version 4.01.01. The vulnerability originate...
Denial Of Service (DoS)
firefox/thunderbird is vulnerable to denial of service. An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash...
[SECURITY] Fedora 30 Update: numpy-1.16.3-1.fc30
NumPy is a general-purpose array-processing package designed to efficiently manipulate large multi-dimensional arrays of arbitrary records without sacrificing too much speed for small multi-dimensional arrays. NumPy is built on the Numeric code base and adds features introduced by numarray as wel...
Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows
I was looking into the root cause of https://bugs.chromium.org/p/chromium/issues/detail?id=850350. In that bug, due to precision errors, Skia generated a concave RRect, but declared it convex. Later, the RRect was transformed with an affine transform and used as a clipping region for drawing...