Search CVE reports


Toggle filters

101 – 110 of 203 results


CVE-2018-19060

Low priority
Fixed

An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before...

1 affected package

poppler

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
poppler Fixed
Show less packages

CVE-2018-19059

Low priority
Fixed

An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.

1 affected package

poppler

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
poppler Fixed
Show less packages

CVE-2018-19058

Low priority
Fixed

An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.

1 affected package

poppler

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
poppler Fixed
Show less packages

CVE-2018-18897

Negligible priority
Fixed

An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.

1 affected package

poppler

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
poppler Fixed
Show less packages

CVE-2018-18651

Low priority
Needs evaluation

An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by...

4 affected packages

ipe, libextractor, xpdf, poppler

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ipe Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libextractor Not affected Not affected Not affected Not affected
xpdf Not affected Not affected Not in release Not affected
poppler Not affected Not affected Not affected Not affected
Show less packages

CVE-2018-18650

Medium priority
Needs evaluation

An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused...

4 affected packages

ipe, libextractor, poppler, xpdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ipe Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libextractor Not affected Not affected Not affected Not affected
poppler Not affected Not affected Not affected Not affected
xpdf Not affected Not affected Not in release Not affected
Show less packages

CVE-2018-18459

Negligible priority
Vulnerable

The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.

4 affected packages

ipe, libextractor, xpdf, poppler

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ipe Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libextractor Not affected Not affected Not affected Not affected
xpdf Vulnerable Vulnerable Not in release Needs evaluation
poppler Not affected Not affected Not affected Not affected
Show less packages

CVE-2018-18458

Negligible priority
Vulnerable

The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.

4 affected packages

libextractor, ipe, poppler, xpdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libextractor Not affected Not affected Not affected Not affected
ipe Needs evaluation Needs evaluation Needs evaluation Needs evaluation
poppler Not affected Not affected Not affected Not affected
xpdf Vulnerable Vulnerable Not in release Vulnerable
Show less packages

CVE-2018-18457

Negligible priority
Vulnerable

The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.

4 affected packages

ipe, libextractor, poppler, xpdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ipe Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libextractor Not affected Not affected Not affected Not affected
poppler Not affected Not affected Not affected Not affected
xpdf Vulnerable Vulnerable Not in release Vulnerable
Show less packages

CVE-2018-18456

Negligible priority
Vulnerable

The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

4 affected packages

libextractor, ipe, poppler, xpdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libextractor Not affected Not affected Not affected Not affected
ipe Needs evaluation Needs evaluation Needs evaluation Needs evaluation
poppler Not affected Not affected Not affected Not affected
xpdf Vulnerable Vulnerable Not in release Vulnerable
Show less packages