Download
| Alert*
oval:org.secpod.oval:def:603739
libpoppler-cpp-dev is installed oval:org.secpod.oval:def:605236 libpoppler-cpp-dev is installed oval:org.secpod.oval:def:2001250 An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this ... oval:org.secpod.oval:def:2000128 An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can b ... oval:org.secpod.oval:def:610111 Two vulnerabilities were discovered in poppler, a PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file or JBIG2 image is processed. oval:org.secpod.oval:def:88590 poppler: PDF rendering library poppler could be made to crash or execute arbitrary code if received a specially crafted PDF. oval:org.secpod.oval:def:2004754 An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. oval:org.secpod.oval:def:92531 poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:2001301 An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts. oval:org.secpod.oval:def:2000927 Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. oval:org.secpod.oval:def:2000885 An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path. oval:org.secpod.oval:def:2000780 In Poppler 0.68.0, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. oval:org.secpod.oval:def:2001401 An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To tri ... oval:org.secpod.oval:def:2001091 poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash when parsing an invalid PDF file. oval:org.secpod.oval:def:2001437 poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. oval:org.secpod.oval:def:2000698 poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents. oval:org.secpod.oval:def:2000638 The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service via a crafted PDF file, as demonstrated by pdftops. oval:org.secpod.oval:def:2000138 In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document. oval:org.secpod.oval:def:2000476 In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. oval:org.secpod.oval:def:2000477 Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF fil ... oval:org.secpod.oval:def:2004755 In Poppler 0.73.0, a heap-based buffer over-read allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. oval:org.secpod.oval:def:2000823 XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. oval:org.secpod.oval:def:2000261 A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class in pdfdetach. oval:org.secpod.oval:def:2000539 In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. oval:org.secpod.oval:def:2004756 The JPXStream::init function in Poppler 0.78.0 and earlier doesn"t check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. oval:org.secpod.oval:def:708366 poppler: PDF rendering library Several security issues were fixed in poppler. oval:org.secpod.oval:def:95001 poppler: PDF rendering library Several security issues were fixed in poppler. oval:org.secpod.oval:def:96467 poppler: PDF rendering library Several security issues were fixed in poppler. oval:org.secpod.oval:def:96490 poppler: PDF rendering library Several security issues were fixed in poppler. oval:org.secpod.oval:def:708343 poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:92532 poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted file. |