Show filters
172 Total Results
Displaying 81-90 of 172
Sort by:
Attacker Value
Unknown

CVE-2018-19149

Disclosure Date: November 10, 2018 (last updated November 27, 2024)
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
0
0
Attacker Value
Unknown

CVE-2018-19059

Disclosure Date: November 07, 2018 (last updated November 27, 2024)
An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.
0
0
Attacker Value
Unknown

CVE-2018-19060

Disclosure Date: November 07, 2018 (last updated November 27, 2024)
An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.
0
0
Attacker Value
Unknown

CVE-2018-19058

Disclosure Date: November 07, 2018 (last updated November 27, 2024)
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2018-18897

Disclosure Date: November 02, 2018 (last updated November 27, 2024)
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2018-17336

Disclosure Date: September 22, 2018 (last updated November 27, 2024)
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.
0
0
Attacker Value
Unknown

CVE-2018-16646

Disclosure Date: September 06, 2018 (last updated November 27, 2024)
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.
0
0
Attacker Value
Unknown

CVE-2017-2626

Disclosure Date: July 27, 2018 (last updated November 27, 2024)
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
0
0
Attacker Value
Unknown

CVE-2018-13988

Disclosure Date: July 25, 2018 (last updated November 27, 2024)
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.
0
0
Attacker Value
Unknown

CVE-2018-14036

Disclosure Date: July 13, 2018 (last updated November 27, 2024)
Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.
0
0
View More Topics  < Previous  Next >