227 matches found
UBUNTU-CVE-2022-37050
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service application crashes with SIGABRT by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of...
CVE-2022-37050
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service application crashes with SIGABRT by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the PDFDoc::savePageAs function in PDFDoc.c, by crafting a PDF file that mishandles the xref data structure in getCatalog processing. Details Denial of Service DoS describes a family of attacks, all aimed at...
CVE-2022-37050
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service application crashes with SIGABRT by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of...
PT-2023-5242 · Poppler +6 · Poppler +6
Name of the Vulnerable Software and Affected Versions: Poppler version 22.07.0 Description: The issue is related to the handling of the xref data structure in getCatalog processing, which can be exploited by crafting a malicious PDF file. This can cause a denial-of-service, leading to application...
CVE-2022-37050
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service application crashes with SIGABRT by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of...
CVE-2022-37050
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service application crashes with SIGABRT by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of...
CVE-2022-37050
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service application crashes with SIGABRT by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of...
openSUSE 15 Security Update : poppler (SUSE-SU-2023:3241-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3241-1 advisory. - CVE-2019-16115: Fixed an uninitialized memory error in GfxUnivariateShading::setupCache. bsc1150039 Tenable has extracted the preceding description...
SUSE CVE-2023-2241
A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to th...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the readXRefStreamEntry function of the file PdfXRefStreamParserObject.cpp. Remediation Upgrade podofo to version 0.10.4 or higher. References - GitHub Commit - GitHub Issue...
SUSE CVE-2015-8981
Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to moffsets.size...
SUSE CVE-2016-6265
Use-after-free vulnerability in the pdfloadxref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service crash via a crafted PDF file...
SUSE CVE-2017-14517
In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry function in XRef.cc via a crafted PDF document...
SUSE CVE-2017-18186
An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc...
SUSE CVE-2018-7174
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams...
SUSE CVE-2018-10289
In MuPDF 1.13.0, there is an infinite loop in the fzskipspace function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file...
SUSE CVE-2018-16369
XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service stack consumption via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453...
SUSE CVE-2018-20662
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing...
SUSE CVE-2019-7310
In Poppler 0.73.0, a heap-based buffer over-read due to an integer signedness error in the XRef::getEntry function in XRef.cc allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo...