Search CVE reports
101 – 110 of 203 results
An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before...
1 affected package
poppler
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
poppler | — | — | — | Fixed |
An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.
1 affected package
poppler
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
poppler | — | — | — | Fixed |
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
1 affected package
poppler
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
poppler | — | — | — | Fixed |
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.
1 affected package
poppler
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
poppler | — | — | — | Fixed |
An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by...
4 affected packages
ipe, libextractor, xpdf, poppler
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libextractor | Not affected | Not affected | Not affected | Not affected |
xpdf | Not affected | Not affected | Not in release | Not affected |
poppler | Not affected | Not affected | Not affected | Not affected |
An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused...
4 affected packages
ipe, libextractor, poppler, xpdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libextractor | Not affected | Not affected | Not affected | Not affected |
poppler | Not affected | Not affected | Not affected | Not affected |
xpdf | Not affected | Not affected | Not in release | Not affected |
The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
4 affected packages
ipe, libextractor, xpdf, poppler
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libextractor | Not affected | Not affected | Not affected | Not affected |
xpdf | Vulnerable | Vulnerable | Not in release | Needs evaluation |
poppler | Not affected | Not affected | Not affected | Not affected |
The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
4 affected packages
libextractor, ipe, poppler, xpdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libextractor | Not affected | Not affected | Not affected | Not affected |
ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
poppler | Not affected | Not affected | Not affected | Not affected |
xpdf | Vulnerable | Vulnerable | Not in release | Vulnerable |
The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
4 affected packages
ipe, libextractor, poppler, xpdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libextractor | Not affected | Not affected | Not affected | Not affected |
poppler | Not affected | Not affected | Not affected | Not affected |
xpdf | Vulnerable | Vulnerable | Not in release | Vulnerable |
The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
4 affected packages
libextractor, ipe, poppler, xpdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libextractor | Not affected | Not affected | Not affected | Not affected |
ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
poppler | Not affected | Not affected | Not affected | Not affected |
xpdf | Vulnerable | Vulnerable | Not in release | Vulnerable |