Linux Distros Unpatched Vulnerability : CVE-2017-5991

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdfrunxobject function in pdf-op-run.c encounters a NULL pointer...

Design/Logic Flaw

XWiki Commons are technical libraries common to several other top level XWiki projects. There was no check in the author of a JavaScript xobject or StyleSheet xobject added in a XWiki document, so until now it was possible for a user having only Edit Right to create such object and to craft a...

CVE-2023-29206 org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins

XWiki Commons are technical libraries common to several other top level XWiki projects. There was no check in the author of a JavaScript xobject or StyleSheet xobject added in a XWiki document, so until now it was possible for a user having only Edit Right to create such object and to craft a...

GHSA-9HQH-FMHG-VQ2J Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml

Impact Any user with the right to edit his personal page can follow one of the scenario below: Scenario 1: - Log in as a simple user with just edit rights on the user profile - Go to the user's profile - Upload an attachment in the attachment tab at the bottom of the page any image is fine - Clic...

CVE-2021-39843 Adobe Acrobat Reader XObject Out-of-Bound Write Vulnerability

Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user...

CVE-2020-11493

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject...

Design/Logic Flaw

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject...

CVE-2020-11493

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject...

SRC-2020-00 : Foxit Reader XObject Stream Uninitialized Object Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...

UBUNTU-CVE-2017-5991

An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdfrunxobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fzpaintpixmapwithmask painting operation. Versions 1.11 and later are unaffected...

PT-2017-16811 · Artifex +1 · Mupdf +1

Name of the Vulnerable Software and Affected Versions: Artifex MuPDF versions prior to 1912de5f08e90af1d9d0a9791f58ba3afdb9d465 Artifex MuPDF versions prior to 1.11 Description: An issue was discovered in the pdf run xobject function in pdf-op-run.c, which encounters a NULL pointer dereference...

Adobe Reader DC XObject stream Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing o...

Adobe Acrobat Pro DC XObject stream Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within handling of...

Adobe Reader DC 15.010.20060 - Memory Corruption

Title: Adobe Reader DC = 15.010.20060 - Memory corruption Application: Adobe Reader DC Version: 15.010.20060 and earlier versions Platform: Windows and Macintosh Software Link: https://acrobat.adobe.com/ca/fr/acrobat/pdf-reader.html Date: May 10, 2016 CVE: CVE-2016-1077 Author: Pier-Luc Maltais...

Adobe Reader DC 15.010.20060 - Memory Corruption

Adobe Reader DC 15.010.20060 - Memory Corruption Title: Adobe Reader DC = 15.010.20060 - Memory corruption Application: Adobe Reader DC Version: 15.010.20060 and earlier versions Platform: Windows and Macintosh Software Link: https://acrobat.adobe.com/ca/fr/acrobat/pdf-reader.html Date: May 10,...

Adobe Reader DC XObject Image Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

Adobe Reader DC 15.010.20060 - Memory Corruption

Exploit for multiple platform in category dos / poc Title: Adobe Reader DC = 15.010.20060 - Memory corruption Application: Adobe Reader DC Version: 15.010.20060 and earlier versions Platform: Windows and Macintosh Software Link: https://acrobat.adobe.com/ca/fr/acrobat/pdf-reader.html Date: May 10...

PDF Shaper Buffer Overflow

This module requires Metabuffer: http://metabuffer.com/download Current source: https://github.com/rapid7/metabuffer-framework require 'msf/core' class Metasploit3 'PDF Shaper Buffer Overflow', 'Description' = %q PDF Shaper is prone to a security vulnerability when processing PDF files. The...

CoreGraphics Memory Corruption - CVE-2014-4377

Apple CoreGraphics library fails to validate the input when parsing the colorspace specification of a PDF XObject resulting in a heap overflow condition. A small heap memory allocation can be overflowed with controlled data from the input in any application linked with the affected framework. Usi...

Memory corruption

Foxit Reader 2.2 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a PDF file with 1 a malformed ExtGState resource containing a /Font resource, or 2 an XObject resource with a Rotate setting, which triggers memory corruption. NOTE: this is probabl...