CVE-2022-35107

SWFTools commit 772e55a2 was discovered to contain a stack overflow via vfprintf at /stdio-common/vfprintf.c...

PT-2021-10348 · Pdf2Json · Pdf2Json

Name of the Vulnerable Software and Affected Versions: PDF2JSON version 0.70 Description: An issue in the vfprintf function allows attackers to cause a Denial of Service due to a stack overflow. Recommendations: For PDF2JSON version 0.70, at the moment, there is no information about a newer versi...

Modesty Pdf2json 缓冲区错误漏洞

PDF2JSON is a conversion library based on XPDF 3.02 that can be used to convert PDF pages page by page to JSON and XML formats. A security vulnerability exists in the vfprintf function in PDF2JSON version 0.70. An attacker could exploit this vulnerability to cause a denial of service...

glibc: printf() unbound alloca() usage in case of positional parameters + many format specs

The vfprintf function in stdio-common/vfprintf.c in GNU C Library aka glibc 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string...

glibc: FORTIFY_SOURCE format string protection bypass via "nargs" integer overflow

Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFYSOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments...