23 matches found
CVE-2010-3704
CVE-2010-3704 affects the PDF parsing code (FoFiType1.parse) in xpdf (before 3.02pl5) and in Poppler up to 0.15.1, kdegraphics, and related products. The vulnerability stems from a PostScript Type 1 font handling path that uses a crafted font containing a negative array index, bypassing input val...
CVE-2009-1180
CVE-2009-1180 affects the JBIG2 decoder path used by Xpdf (and components embedding Xpdf, e.g., Poppler-based renderers). The flaw is triggered by crafted PDFs and can lead to remote arbitrary code execution or crashes via a free of invalid data during JBIG2 decoding. Public advisories indicate a...
CVE-2009-0799
Technical details beyond the given Initial Description are not provided in the connected documents. Monitor for updates; the current set does not specify affected products/versions beyond general JBIG2 decoding issues (CVE-2009-0799) in Xpdf/kpdf/Poppler.
CVE-2009-1179
CVE-2009-1179 corresponds to an integer overflow in Xpdf’s JBIG2 decoder (and related JBIG2 code paths in Poppler) that affects Xpdf <= 3.02pl2 and older, CUPS <= 1.3.9 and older, and Poppler equals 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ...
CVE-2009-1182
CVE-2009-1182 concerns JBIG2 decoder flaws leading to remote code execution when processing crafted PDFs. The Initial Description lists multiple buffers overflows in the JBIG2 MMR decoder used by Xpdf (3.02pl2 and earlier), CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products. Connec...
CVE-2009-3608
CVE-2009-3608 is a heap-based buffer overflow in the ObjectStream::ObjectStream function (XRef.cc) affecting Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, used by GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX. A crafted PDF can trigger remote code execution. The connected Nessus/MiracleLin...
CVE-2009-0147
CVE-2009-0147 involves multiple integer overflows in the JBIG2 decoder used by Xpdf (3.02pl2 and earlier) and CUPS (1.3.9 and earlier), plus other products. The flaw affects the JBIG2 decoder paths JBIG2Stream::readSymbolDictSeg (and related symbol-dictionary handling) and JBIG2Stream::readGeneri...
CVE-2009-3603
CVE-2009-3603 is an integer overflow in SplashBitmap::SplashBitmap in xpdf (and affected Poppler) that could allow remote code execution via a crafted PDF. Debian DSA-2028-1 and related advisories note multiple CVEs (including CVE-2009-3603, 3604, 3606, 3608, 3609) tied to xpdf/poppler components...
CVE-2009-0166
The CVE-2009-0166 issue affects the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and related products, caused by a free of uninitialized memory in JBIG2 decoding. This leads to a remote denial of service (crash) via a crafted PDF file. Connected advisories ( MiracleLinux AXS...
CVE-2009-0800
CVE-2009-0800 involves input validation flaws in the JBIG2 decoder (Xpdf-based) used by Xpdf, Poppler, kdegraphics/kpdf and related components. Public records tie this to Poppler, kdegraphics kdepdf/kpdf in Debian/etch/lenny and CentOS/RHEL advisories, with multiple JBIG2/INT/UB memory issues ena...
CVE-2011-0764
CVE-2011-0764 affects t1lib 5.1.2 and earlier (used in Xpdf before 3.02pl6, teTeX, etc.). The vulnerability arises from an invalid pointer in conjunction with a dereference in Type 1 font processing, enabling remote code execution via a crafted PDF containing a Type 1 font. Public incident data i...
CVE-2009-0146
CVE-2009-0146 is described in connected advisories as a set of vulnerabilities in the JBIG2 decoder used by Xpdf, CUPS (and related products) that allow remote attackers to cause a denial of service via crafted PDF files. The JBIG2-related flaws involve JBIG2SymbolDict::setBitmap and JBIG2Stream:...
CVE-2009-1183
CVE-2009-1183 affects JBIG2 MMR decoding in Xpdf (3.02pl2 and earlier), and also broader products using JBIG2 decoders such as Poppler before 0.10.6 and other vendors (e.g., CUPS 1.3.9 and earlier). The issue is a remote DoS: a crafted PDF can cause an infinite loop or hang in the JBIG2 decoder, ...
CVE-2009-3606
CVE-2009-3606 affects Xpdf (PSOutputDev::doImageL1Sep) and Poppler used in kdegraphics KPDF, where a crafted PDF can trigger a heap-based buffer overflow and allow remote code execution. Public references indicate the issue was addressed via updated Xpdf/Poppler packages across multiple distribut...
CVE-2011-1553
The CVE-2011-1553 family concerns t1lib, embedded by TeX Live/teTeX and Xpdf, with multiple flaws: two heap-based AFM parsing buffer overflows (CVE-2010-2642, CVE-2011-0433), an invalid pointer dereference (CVE-2011-0764), a use-after-free (CVE-2011-1553), an off-by-one error (CVE-2011-1554), and...
CVE-2009-0165
CVE-2009-0165: Integer overflow in the JBIG2 decoder of Xpdf (version 3.02pl2 and earlier) as used in Poppler and related products on Mac OS X. The description notes an unspecified impact and references the g*allocn issue, but does not provide concrete exploit details, affected products beyond Xp...
CVE-2011-1554
Mode C: The CVE-2011-1554 family arises from multiple t1lib flaws (AFM parser): two heap-based overflows, an invalid pointer dereference, a use-after-free, and an off-by-one memory read in Type 1 font handling. t1lib is embedded in TeX Live/tetex and in Xpdf-based workflows; affected products inc...
CVE-2009-1181
CVE-2009-1181 affects the JBIG2 decoder in Xpdf 3.02pl2 and earlier, Poppler before 0.10.6, and related components, allowing remote attackers to crash the process via a crafted PDF that triggers a NULL pointer dereference. Connected sources confirm practical impacts across Poppler/kpdf/xpdf-famil...
CVE-2009-3609
CVE-2009-3609 affects Xpdf and Poppler components used in GPdf, kdegraphics KPDF, and CUPS pdftops. The flaw is an integer overflow in ImageStream::ImageStream (Stream.cc) in Xpdf ≤ 3.02pl4 and Poppler ≤ 0.12.1, which can be triggered by a crafted PDF document. Exploitation may lead to a NULL poi...
CVE-2009-3604
CVE-2009-3604 affects Xpdf 2.x/3.x up to 3.02pl4 and Poppler 0.x, used in GPdf and kdegraphics KPDF. The root cause is improper memory allocation in Splash::drawImage, which may trigger a NULL pointer dereference or a heap-based buffer overflow when parsing crafted PDFs. Consequences include deni...
CVE-2009-0195
CVE-2009-0195 describes a heap-based buffer overflow in the JBIG2 decoder affecting Xpdf 3.02pl2 and earlier (and possibly other products, e.g., CUPS 1.3.9 ), allowing a remote attacker to execute arbitrary code via a crafted PDF containing JBIG2 symbol dictionary segments. The connected MiracleL...
CVE-2011-1552
CVE-2011-1552 affects t1lib 5.1.2 and earlier (as used in Xpdf before 3.02pl6 and other products). It reads from invalid memory locations when processing a crafted Type 1 font in a PDF, enabling remote denial of service (application crash). Remediation: upgrade to Xpdf 3.02pl6 or later (and apply...
CVE-2009-1144
Summary (CVE-2009-1144) : Untrusted search path in Gentoo's Xpdf package prior to 3.02-r2 allows local privilege escalation via a Trojan horse xpdfrc in the current working directory. The issue stems from a missing SYSTEM_XPDFRC macro during Gentoo builds that use the poppler library. The vulnera...