227 matches found
Code injection
XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service stack consumption via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453...
CVE-2018-16369
XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service stack consumption via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453...
Xpdf Denial of Service Vulnerability (CNVD-2019-17490)
Xpdf is a free PDF viewer and toolkit that includes a text extractor, image converter, HTML converter and more. A denial of service vulnerability exists in XRef::fetch in Xpdf 4.00 in XRef.cc. A remote attacker can exploit this vulnerability to cause a denial of service stack consumption via a...
CVE-2018-16369
CVE-2018-16369 affects Xpdf 4.00 (XRef::fetch) where a crafted PDF can cause a stack DoS via AcroForm::scanField, as demonstrated by pdftohtml. The vulnerability is noted to possibly overlap CVE-2018-7453 (infinite recursion in AcroForm::scanField). Multiple advisories (e.g., Slackware SSA:2024-0...
PT-2018-3976 · Xpdf +2 · Xpdf +2
Name of the Vulnerable Software and Affected Versions: Xpdf version 4.00 Description: The issue is related to errors in the code of the Xpdf software, specifically in the XRef::fetch function in XRef.cc. It allows remote attackers to cause a denial of service, which is a stack consumption, via a...
DEBIAN-CVE-2018-10289
In MuPDF 1.13.0, there is an infinite loop in the fzskipspace function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file...
MGASA-2018-0145 Updated qpdf packages fix security vulnerabilities
Updated qpdf packages fix security vulnerabilities: 1. Stack overflow due to endless recursion in QPDFTokenizer::resolveLiteral 2. Another stack overflow / endless recursion in QPDFWriter::enqueueObject 3. Stack out of bounds read in iteraterc4 4. heap out of bounds read large in PlBuffer::write ...
MGASA-2018-0131 Updated qpdf packages fix security vulnerability
Qpdf has been updated to the latest version to fix several security issues. - Stack overflow due to endless recursion in QPDFTokenizer::resolveLiteral - Another stack overflow / endless recursion in QPDFWriter::enqueueObject - Stack out of bounds read in iteraterc4 - heap out of bounds read large...
CVE-2018-7174
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams...
CVE-2018-7174
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams...
UBUNTU-CVE-2018-7174
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams...
CVE-2018-7174
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams...
Code injection
An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc...
DEBIAN-CVE-2017-18186
An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc...
CVE-2017-18186
An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc...
CVE-2017-18186
An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc...
CVE-2017-18186
CVE-2017-18186 affects QPDF before 7.0.0. The issue is an infinite loop caused by looping xref tables in QPDF.cc, as described in multiple sources (e.g., SUSE/RHEL/NASL entries). The CVE entry lists CVSS metrics: CVSSv2 base 4.3 (MEDIUM) with network attack vector and partial availability impact;...
UBUNTU-CVE-2017-18186
An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc...
UBUNTU-CVE-2018-6192
In Artifex MuPDF 1.12.0, the pdfreadnewxref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service segmentation violation and application crash via a crafted pdf file...
CVE-2018-6192
In Artifex MuPDF 1.12.0, the pdfreadnewxref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service segmentation violation and application crash via a crafted pdf file...