Lucene search
K

23 matches found

CVE
CVE
added 2010/11/05 5:0 p.m.135 views

CVE-2010-3704

CVE-2010-3704 affects the PDF parsing code (FoFiType1.parse) in xpdf (before 3.02pl5) and in Poppler up to 0.15.1, kdegraphics, and related products. The vulnerability stems from a PostScript Type 1 font handling path that uses a crafted font containing a negative array index, bypassing input val...

6.8CVSS7.8AI score0.03597EPSS
CVE
CVE
added 2009/04/23 5:0 p.m.124 views

CVE-2009-1180

CVE-2009-1180 affects the JBIG2 decoder path used by Xpdf (and components embedding Xpdf, e.g., Poppler-based renderers). The flaw is triggered by crafted PDFs and can lead to remote arbitrary code execution or crashes via a free of invalid data during JBIG2 decoding. Public advisories indicate a...

6.8CVSS7.8AI score0.05411EPSS
CVE
CVE
added 2009/04/23 5:0 p.m.123 views

CVE-2009-0799

Technical details beyond the given Initial Description are not provided in the connected documents. Monitor for updates; the current set does not specify affected products/versions beyond general JBIG2 decoding issues (CVE-2009-0799) in Xpdf/kpdf/Poppler.

4.3CVSS7.2AI score0.0377EPSS
CVE
CVE
added 2009/04/23 5:0 p.m.116 views

CVE-2009-1179

CVE-2009-1179 corresponds to an integer overflow in Xpdf’s JBIG2 decoder (and related JBIG2 code paths in Poppler) that affects Xpdf <= 3.02pl2 and older, CUPS <= 1.3.9 and older, and Poppler equals 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ...

6.8CVSS7.8AI score0.05549EPSS
CVE
CVE
added 2009/04/23 5:0 p.m.112 views

CVE-2009-1182

CVE-2009-1182 concerns JBIG2 decoder flaws leading to remote code execution when processing crafted PDFs. The Initial Description lists multiple buffers overflows in the JBIG2 MMR decoder used by Xpdf (3.02pl2 and earlier), CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products. Connec...

7.5CVSS7.8AI score0.07347EPSS
CVE
CVE
added 2009/10/21 5:0 p.m.112 views

CVE-2009-3608

CVE-2009-3608 is a heap-based buffer overflow in the ObjectStream::ObjectStream function (XRef.cc) affecting Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, used by GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX. A crafted PDF can trigger remote code execution. The connected Nessus/MiracleLin...

9.3CVSS7.3AI score0.10228EPSS
CVE
CVE
added 2009/04/23 5:0 p.m.106 views

CVE-2009-0147

CVE-2009-0147 involves multiple integer overflows in the JBIG2 decoder used by Xpdf (3.02pl2 and earlier) and CUPS (1.3.9 and earlier), plus other products. The flaw affects the JBIG2 decoder paths JBIG2Stream::readSymbolDictSeg (and related symbol-dictionary handling) and JBIG2Stream::readGeneri...

4.3CVSS7.2AI score0.02577EPSS
CVE
CVE
added 2009/10/21 5:0 p.m.104 views

CVE-2009-3603

CVE-2009-3603 is an integer overflow in SplashBitmap::SplashBitmap in xpdf (and affected Poppler) that could allow remote code execution via a crafted PDF. Debian DSA-2028-1 and related advisories note multiple CVEs (including CVE-2009-3603, 3604, 3606, 3608, 3609) tied to xpdf/poppler components...

9.3CVSS7.5AI score0.08582EPSS
CVE
CVE
added 2009/04/23 5:0 p.m.102 views

CVE-2009-0166

The CVE-2009-0166 issue affects the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and related products, caused by a free of uninitialized memory in JBIG2 decoding. This leads to a remote denial of service (crash) via a crafted PDF file. Connected advisories ( MiracleLinux AXS...

4.3CVSS7.2AI score0.02318EPSS
CVE
CVE
added 2009/04/23 5:0 p.m.102 views

CVE-2009-0800

CVE-2009-0800 involves input validation flaws in the JBIG2 decoder (Xpdf-based) used by Xpdf, Poppler, kdegraphics/kpdf and related components. Public records tie this to Poppler, kdegraphics kdepdf/kpdf in Debian/etch/lenny and CentOS/RHEL advisories, with multiple JBIG2/INT/UB memory issues ena...

6.8CVSS7.7AI score0.05491EPSS
CVE
CVE
added 2011/03/31 10:0 p.m.100 views

CVE-2011-0764

CVE-2011-0764 affects t1lib 5.1.2 and earlier (used in Xpdf before 3.02pl6, teTeX, etc.). The vulnerability arises from an invalid pointer in conjunction with a dereference in Type 1 font processing, enabling remote code execution via a crafted PDF containing a Type 1 font. Public incident data i...

6.8CVSS7.3AI score0.13055EPSS
CVE
CVE
added 2009/04/23 5:0 p.m.99 views

CVE-2009-0146

CVE-2009-0146 is described in connected advisories as a set of vulnerabilities in the JBIG2 decoder used by Xpdf, CUPS (and related products) that allow remote attackers to cause a denial of service via crafted PDF files. The JBIG2-related flaws involve JBIG2SymbolDict::setBitmap and JBIG2Stream:...

4.3CVSS7.3AI score0.02833EPSS
CVE
CVE
added 2009/04/23 5:0 p.m.98 views

CVE-2009-1183

CVE-2009-1183 affects JBIG2 MMR decoding in Xpdf (3.02pl2 and earlier), and also broader products using JBIG2 decoders such as Poppler before 0.10.6 and other vendors (e.g., CUPS 1.3.9 and earlier). The issue is a remote DoS: a crafted PDF can cause an infinite loop or hang in the JBIG2 decoder, ...

4.3CVSS7.1AI score0.0377EPSS
CVE
CVE
added 2009/10/21 5:0 p.m.91 views

CVE-2009-3606

CVE-2009-3606 affects Xpdf (PSOutputDev::doImageL1Sep) and Poppler used in kdegraphics KPDF, where a crafted PDF can trigger a heap-based buffer overflow and allow remote code execution. Public references indicate the issue was addressed via updated Xpdf/Poppler packages across multiple distribut...

9.3CVSS7.3AI score0.08629EPSS
CVE
CVE
added 2011/03/31 11:0 p.m.91 views

CVE-2011-1553

The CVE-2011-1553 family concerns t1lib, embedded by TeX Live/teTeX and Xpdf, with multiple flaws: two heap-based AFM parsing buffer overflows (CVE-2010-2642, CVE-2011-0433), an invalid pointer dereference (CVE-2011-0764), a use-after-free (CVE-2011-1553), an off-by-one error (CVE-2011-1554), and...

4.3CVSS6.3AI score0.05417EPSS
CVE
CVE
added 2009/04/23 7:11 p.m.90 views

CVE-2009-0165

CVE-2009-0165: Integer overflow in the JBIG2 decoder of Xpdf (version 3.02pl2 and earlier) as used in Poppler and related products on Mac OS X. The description notes an unspecified impact and references the g*allocn issue, but does not provide concrete exploit details, affected products beyond Xp...

10CVSS7.4AI score0.03592EPSS
CVE
CVE
added 2011/03/31 11:0 p.m.89 views

CVE-2011-1554

Mode C: The CVE-2011-1554 family arises from multiple t1lib flaws (AFM parser): two heap-based overflows, an invalid pointer dereference, a use-after-free, and an off-by-one memory read in Type 1 font handling. t1lib is embedded in TeX Live/tetex and in Xpdf-based workflows; affected products inc...

4.3CVSS6.3AI score0.05417EPSS
CVE
CVE
added 2009/04/23 5:0 p.m.86 views

CVE-2009-1181

CVE-2009-1181 affects the JBIG2 decoder in Xpdf 3.02pl2 and earlier, Poppler before 0.10.6, and related components, allowing remote attackers to crash the process via a crafted PDF that triggers a NULL pointer dereference. Connected sources confirm practical impacts across Poppler/kpdf/xpdf-famil...

4.3CVSS7.2AI score0.03803EPSS
CVE
CVE
added 2009/10/21 5:0 p.m.85 views

CVE-2009-3609

CVE-2009-3609 affects Xpdf and Poppler components used in GPdf, kdegraphics KPDF, and CUPS pdftops. The flaw is an integer overflow in ImageStream::ImageStream (Stream.cc) in Xpdf ≤ 3.02pl4 and Poppler ≤ 0.12.1, which can be triggered by a crafted PDF document. Exploitation may lead to a NULL poi...

4.3CVSS6.8AI score0.04483EPSS
CVE
CVE
added 2009/10/21 5:0 p.m.80 views

CVE-2009-3604

CVE-2009-3604 affects Xpdf 2.x/3.x up to 3.02pl4 and Poppler 0.x, used in GPdf and kdegraphics KPDF. The root cause is improper memory allocation in Splash::drawImage, which may trigger a NULL pointer dereference or a heap-based buffer overflow when parsing crafted PDFs. Consequences include deni...

9.3CVSS7.6AI score0.08703EPSS
CVE
CVE
added 2009/04/23 5:0 p.m.77 views

CVE-2009-0195

CVE-2009-0195 describes a heap-based buffer overflow in the JBIG2 decoder affecting Xpdf 3.02pl2 and earlier (and possibly other products, e.g., CUPS 1.3.9 ), allowing a remote attacker to execute arbitrary code via a crafted PDF containing JBIG2 symbol dictionary segments. The connected MiracleL...

6.8CVSS7.8AI score0.05374EPSS
CVE
CVE
added 2011/03/31 11:0 p.m.71 views

CVE-2011-1552

CVE-2011-1552 affects t1lib 5.1.2 and earlier (as used in Xpdf before 3.02pl6 and other products). It reads from invalid memory locations when processing a crafted Type 1 font in a PDF, enabling remote denial of service (application crash). Remediation: upgrade to Xpdf 3.02pl6 or later (and apply...

4.3CVSS6.3AI score0.10378EPSS
CVE
CVE
added 2009/04/09 3:0 p.m.64 views

CVE-2009-1144

Summary (CVE-2009-1144) : Untrusted search path in Gentoo's Xpdf package prior to 3.02-r2 allows local privilege escalation via a Trojan horse xpdfrc in the current working directory. The issue stems from a missing SYSTEM_XPDFRC macro during Gentoo builds that use the poppler library. The vulnera...

6.9CVSS6.4AI score0.004EPSS