Vulnerabilites related to xpdfreader - xpdf
cve-2019-9877
Vulnerability from cvelistv5
Published
2019-03-19 18:16
Modified
2024-08-04 22:01
Severity ?
EPSS score ?
Summary
There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
References
| ▼ | URL | Tags |
|---|---|---|
| https://research.loginsoft.com/bugs/invalid-memory-access-in-textpagefindgaps-xpdf-4-01/ | x_refsource_MISC | |
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=41265 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:01:55.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-textpagefindgaps-xpdf-4-01/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-19T18:16:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-textpagefindgaps-xpdf-4-01/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41265"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://research.loginsoft.com/bugs/invalid-memory-access-in-textpagefindgaps-xpdf-4-01/",
"refsource": "MISC",
"url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-textpagefindgaps-xpdf-4-01/"
},
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41265",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41265"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9877",
"datePublished": "2019-03-19T18:16:29",
"dateReserved": "2019-03-19T00:00:00",
"dateUpdated": "2024-08-04T22:01:55.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-16368
Vulnerability from cvelistv5
Published
2018-09-03 00:00
Modified
2024-08-05 10:24
Severity ?
EPSS score ?
Summary
SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TeamSeri0us/pocs/tree/master/xpdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-03T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16368",
"datePublished": "2018-09-03T00:00:00",
"dateReserved": "2018-09-02T00:00:00",
"dateUpdated": "2024-08-05T10:24:32.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-36493
Vulnerability from cvelistv5
Published
2023-02-03 00:00
Modified
2024-08-04 00:54
Severity ?
EPSS score ?
Summary
Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:51.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42160"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-03T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42160"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36493",
"datePublished": "2023-02-03T00:00:00",
"dateReserved": "2021-07-12T00:00:00",
"dateUpdated": "2024-08-04T00:54:51.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-11033
Vulnerability from cvelistv5
Published
2018-05-14 00:00
Modified
2024-09-16 20:51
Severity ?
EPSS score ?
Summary
The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=40842 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=40842"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-14T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=40842"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=40842",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=40842"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11033",
"datePublished": "2018-05-14T00:00:00Z",
"dateReserved": "2018-05-13T00:00:00Z",
"dateUpdated": "2024-09-16T20:51:42.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-7867
Vulnerability from cvelistv5
Published
2024-08-15 20:06
Modified
2024-08-16 17:12
Severity ?
EPSS score ?
Summary
In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xpdf",
"vendor": "xpdfreader",
"versions": [
{
"lessThanOrEqual": "4.05",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7867",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T17:08:56.250411Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T17:12:21.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Xpdf",
"vendor": "Xpdf",
"versions": [
{
"lessThanOrEqual": "4.05",
"status": "affected",
"version": "0",
"versionType": "Version"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "xiaobaozidi"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.\u003cbr\u003e"
}
],
"value": "In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T20:06:47.966Z",
"orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"shortName": "GandC"
},
"references": [
{
"url": "https://www.xpdfreader.com/security-bug/CVE-2024-7867.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Integer overflow and divide-by-zero in Xpdf 4.05 due to bogus page box coordinates",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"assignerShortName": "GandC",
"cveId": "CVE-2024-7867",
"datePublished": "2024-08-15T20:06:47.966Z",
"dateReserved": "2024-08-15T20:00:13.850Z",
"dateUpdated": "2024-08-16T17:12:21.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-45586
Vulnerability from cvelistv5
Published
2023-02-15 00:00
Modified
2024-08-03 14:17
Severity ?
EPSS score ?
Summary
Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:17:03.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42361"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-15T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42361"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-45586",
"datePublished": "2023-02-15T00:00:00",
"dateReserved": "2022-11-21T00:00:00",
"dateUpdated": "2024-08-03T14:17:03.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-2971
Vulnerability from cvelistv5
Published
2024-03-26 21:31
Modified
2024-08-06 15:22
Severity ?
EPSS score ?
Summary
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.xpdfreader.com/security-bug/CVE-2024-2971.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T15:22:09.869348Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T15:22:59.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Xpdf",
"vendor": "Xpdf",
"versions": [
{
"lessThanOrEqual": "4.05",
"status": "affected",
"version": "0",
"versionType": "Version"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Song Jiaxuan (Huazhong University of Science and Technology)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eOut-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF file.\u003c/div\u003e"
}
],
"value": "Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF file.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T21:31:43.511Z",
"orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"shortName": "GandC"
},
"references": [
{
"url": "https://www.xpdfreader.com/security-bug/CVE-2024-2971.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds array access due to negative object numbers in indirect references in Xpdf 4.05",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"assignerShortName": "GandC",
"cveId": "CVE-2024-2971",
"datePublished": "2024-03-26T21:31:43.511Z",
"dateReserved": "2024-03-26T21:14:56.706Z",
"dateUpdated": "2024-08-06T15:22:59.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-43295
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2024-08-03 13:26
Severity ?
EPSS score ?
Summary
XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:26:02.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42360"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42360"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-43295",
"datePublished": "2022-11-14T00:00:00",
"dateReserved": "2022-10-17T00:00:00",
"dateUpdated": "2024-08-03T13:26:02.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-41842
Vulnerability from cvelistv5
Published
2022-09-30 04:21
Modified
2024-08-03 12:56
Severity ?
EPSS score ?
Summary
An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.xpdfreader.com/download.html | x_refsource_MISC | |
| https://forum.xpdfreader.com/viewtopic.php?f=1&t=42340&p=43928&hilit=gfseek#p43928 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:38.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xpdfreader.com/download.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=1\u0026t=42340\u0026p=43928\u0026hilit=gfseek#p43928"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-30T04:21:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xpdfreader.com/download.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=1\u0026t=42340\u0026p=43928\u0026hilit=gfseek#p43928"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-41842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.xpdfreader.com/download.html",
"refsource": "MISC",
"url": "http://www.xpdfreader.com/download.html"
},
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=1\u0026t=42340\u0026p=43928\u0026hilit=gfseek#p43928",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=1\u0026t=42340\u0026p=43928\u0026hilit=gfseek#p43928"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-41842",
"datePublished": "2022-09-30T04:21:47",
"dateReserved": "2022-09-30T00:00:00",
"dateUpdated": "2024-08-03T12:56:38.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-38334
Vulnerability from cvelistv5
Published
2022-09-15 00:00
Modified
2024-08-03 10:54
Severity ?
EPSS score ?
Summary
XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:03.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42122"
},
{
"tags": [
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42314\u0026p=43872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-21T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42122"
},
{
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42314\u0026p=43872"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-38334",
"datePublished": "2022-09-15T00:00:00",
"dateReserved": "2022-08-15T00:00:00",
"dateUpdated": "2024-08-03T10:54:03.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3702
Vulnerability from cvelistv5
Published
2010-11-05 17:00
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2010-16662",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html"
},
{
"name": "[oss-security] 20101004 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/04/6"
},
{
"name": "FEDORA-2010-15857",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf"
},
{
"name": "RHSA-2010:0859",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0859.html"
},
{
"name": "42357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42357"
},
{
"name": "MDVSA-2010:228",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:228"
},
{
"name": "ADV-2011-0230",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0230"
},
{
"name": "RHSA-2010:0752",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0752.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html"
},
{
"name": "SUSE-SR:2010:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"name": "MDVSA-2010:230",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:230"
},
{
"name": "SUSE-SR:2010:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch"
},
{
"name": "RHSA-2012:1201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"name": "43845",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43845"
},
{
"name": "MDVSA-2010:231",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231"
},
{
"name": "FEDORA-2010-16705",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html"
},
{
"name": "SSA:2010-324-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.571720"
},
{
"name": "RHSA-2010:0751",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0751.html"
},
{
"name": "42397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42397"
},
{
"name": "42141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42141"
},
{
"name": "FEDORA-2010-15911",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html"
},
{
"name": "MDVSA-2012:144",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name": "ADV-2010-3097",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3097"
},
{
"name": "USN-1005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1005-1"
},
{
"name": "RHSA-2010:0749",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0749.html"
},
{
"name": "RHSA-2010:0754",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0754.html"
},
{
"name": "FEDORA-2010-15981",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html"
},
{
"name": "FEDORA-2010-16744",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=595245"
},
{
"name": "ADV-2010-2897",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2897"
},
{
"name": "42691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42691"
},
{
"name": "DSA-2119",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2119"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "MDVSA-2010:229",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:229"
},
{
"name": "DSA-2135",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2135"
},
{
"name": "RHSA-2010:0750",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0750.html"
},
{
"name": "RHSA-2010:0755",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0755.html"
},
{
"name": "RHSA-2010:0753",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0753.html"
},
{
"name": "43079",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43079"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-11-11T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2010-16662",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html"
},
{
"name": "[oss-security] 20101004 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/04/6"
},
{
"name": "FEDORA-2010-15857",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf"
},
{
"name": "RHSA-2010:0859",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0859.html"
},
{
"name": "42357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42357"
},
{
"name": "MDVSA-2010:228",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:228"
},
{
"name": "ADV-2011-0230",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0230"
},
{
"name": "RHSA-2010:0752",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0752.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html"
},
{
"name": "SUSE-SR:2010:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"name": "MDVSA-2010:230",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:230"
},
{
"name": "SUSE-SR:2010:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch"
},
{
"name": "RHSA-2012:1201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"name": "43845",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43845"
},
{
"name": "MDVSA-2010:231",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231"
},
{
"name": "FEDORA-2010-16705",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html"
},
{
"name": "SSA:2010-324-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.571720"
},
{
"name": "RHSA-2010:0751",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0751.html"
},
{
"name": "42397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42397"
},
{
"name": "42141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42141"
},
{
"name": "FEDORA-2010-15911",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html"
},
{
"name": "MDVSA-2012:144",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name": "ADV-2010-3097",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3097"
},
{
"name": "USN-1005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1005-1"
},
{
"name": "RHSA-2010:0749",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0749.html"
},
{
"name": "RHSA-2010:0754",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0754.html"
},
{
"name": "FEDORA-2010-15981",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html"
},
{
"name": "FEDORA-2010-16744",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=595245"
},
{
"name": "ADV-2010-2897",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2897"
},
{
"name": "42691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42691"
},
{
"name": "DSA-2119",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2119"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "MDVSA-2010:229",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:229"
},
{
"name": "DSA-2135",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2135"
},
{
"name": "RHSA-2010:0750",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0750.html"
},
{
"name": "RHSA-2010:0755",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0755.html"
},
{
"name": "RHSA-2010:0753",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0753.html"
},
{
"name": "43079",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43079"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3702",
"datePublished": "2010-11-05T17:00:00",
"dateReserved": "2010-10-01T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0207
Vulnerability from cvelistv5
Published
2019-10-30 20:46
Modified
2024-08-07 00:37
Severity ?
EPSS score ?
Summary
In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2010-0207 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0207 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:54.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0207"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0207"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "poppler",
"vendor": "poppler",
"versions": [
{
"status": "affected",
"version": "0.26.5-2"
}
]
}
],
"datePublic": "2010-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-30T20:46:53",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0207"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0207"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2010-0207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "poppler",
"version": {
"version_data": [
{
"version_value": "0.26.5-2"
}
]
}
}
]
},
"vendor_name": "poppler"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-0207",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0207"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0207",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0207"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2010-0207",
"datePublished": "2019-10-30T20:46:53",
"dateReserved": "2010-01-06T00:00:00",
"dateUpdated": "2024-08-07T00:37:54.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8104
Vulnerability from cvelistv5
Published
2018-03-14 03:00
Modified
2024-09-16 19:09
Severity ?
EPSS score ?
Summary
The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:13.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-14T03:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8104",
"datePublished": "2018-03-14T03:00:00Z",
"dateReserved": "2018-03-13T00:00:00Z",
"dateUpdated": "2024-09-16T19:09:18.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-26930
Vulnerability from cvelistv5
Published
2023-04-26 00:00
Modified
2024-08-02 12:01
Severity ?
EPSS score ?
Summary
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.”
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:01:31.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/huanglei3/xpdf_aborted"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/huanglei3/10e2a9bd07a109995b20ade306612a34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states \u201cit\u0027s an expected abort on out-of-memory error.\u201d"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-02T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/huanglei3/xpdf_aborted"
},
{
"url": "https://gist.github.com/huanglei3/10e2a9bd07a109995b20ade306612a34"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26930",
"datePublished": "2023-04-26T00:00:00",
"dateReserved": "2023-02-27T00:00:00",
"dateUpdated": "2024-08-02T12:01:31.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10022
Vulnerability from cvelistv5
Published
2019-03-24 23:11
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=41273 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:08.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41273"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-24T23:11:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41273"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41273",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41273"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10022",
"datePublished": "2019-03-24T23:11:22",
"dateReserved": "2019-03-24T00:00:00",
"dateUpdated": "2024-08-04T22:10:08.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18456
Vulnerability from cvelistv5
Published
2018-10-18 06:00
Modified
2024-08-05 11:08
Severity ?
EPSS score ?
Summary
The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 | x_refsource_MISC | |
| https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T06:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"name": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18456",
"datePublished": "2018-10-18T06:00:00",
"dateReserved": "2018-10-18T00:00:00",
"dateUpdated": "2024-08-05T11:08:21.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10019
Vulnerability from cvelistv5
Published
2019-03-24 23:10
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=41275 | x_refsource_MISC | |
| https://usn.ubuntu.com/4042-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:08.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41275"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4042-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T15:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41275"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4042-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41275",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41275"
},
{
"name": "USN-4042-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4042-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10019",
"datePublished": "2019-03-24T23:10:38",
"dateReserved": "2019-03-24T00:00:00",
"dateUpdated": "2024-08-04T22:10:08.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-7866
Vulnerability from cvelistv5
Published
2024-08-15 19:50
Modified
2024-08-16 17:13
Severity ?
EPSS score ?
Summary
In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7866",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T17:13:19.735300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T17:13:35.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Xpdf",
"vendor": "Xpdf",
"versions": [
{
"lessThanOrEqual": "4.05",
"status": "affected",
"version": "0",
"versionType": "Version"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "xiaobaozidi"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow.\u003cbr\u003e"
}
],
"value": "In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674 Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T19:50:06.413Z",
"orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"shortName": "GandC"
},
"references": [
{
"url": "https://www.xpdfreader.com/security-bug/object-loops.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack overflow in Xpdf 4.05 due to object loop in PDF pattern",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"assignerShortName": "GandC",
"cveId": "CVE-2024-7866",
"datePublished": "2024-08-15T19:50:06.413Z",
"dateReserved": "2024-08-15T19:41:01.904Z",
"dateUpdated": "2024-08-16T17:13:35.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10024
Vulnerability from cvelistv5
Published
2019-03-24 23:11
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:08.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-24T23:11:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10024",
"datePublished": "2019-03-24T23:11:49",
"dateReserved": "2019-03-24T00:00:00",
"dateUpdated": "2024-08-04T22:10:08.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-4568
Vulnerability from cvelistv5
Published
2024-05-06 19:56
Modified
2024-08-01 20:47
Severity ?
EPSS score ?
Summary
In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:glyphandcog:xpdf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xpdf",
"vendor": "glyphandcog",
"versions": [
{
"lessThanOrEqual": "4.05",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4568",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T18:03:05.708589Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:55:13.783Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:47:40.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.xpdfreader.com/security-bug/object-loops.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Xpdf",
"vendor": "Xpdf",
"versions": [
{
"lessThanOrEqual": "4.05",
"status": "affected",
"version": "0",
"versionType": "version"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ximing Fan, from School of Cyber Science and Engineering, Sichuan University, China"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow."
}
],
"value": "In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674 Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-06T19:56:15.633Z",
"orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"shortName": "GandC"
},
"references": [
{
"url": "https://www.xpdfreader.com/security-bug/object-loops.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack overflow in Xpdf 4.05 due to object loop in PDF resources",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"assignerShortName": "GandC",
"cveId": "CVE-2024-4568",
"datePublished": "2024-05-06T19:56:15.633Z",
"dateReserved": "2024-05-06T19:48:33.775Z",
"dateUpdated": "2024-08-01T20:47:40.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8103
Vulnerability from cvelistv5
Published
2018-03-14 03:00
Modified
2024-09-17 02:41
Severity ?
EPSS score ?
Summary
The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:12.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-14T03:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8103",
"datePublished": "2018-03-14T03:00:00Z",
"dateReserved": "2018-03-13T00:00:00Z",
"dateUpdated": "2024-09-17T02:41:29.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30524
Vulnerability from cvelistv5
Published
2022-05-09 18:00
Modified
2024-08-03 06:48
Severity ?
EPSS score ?
Summary
There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=42261 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:48:36.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42261"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-09T18:00:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42261"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-30524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42261",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42261"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-30524",
"datePublished": "2022-05-09T18:00:09",
"dateReserved": "2022-05-09T00:00:00",
"dateUpdated": "2024-08-03T06:48:36.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-3247
Vulnerability from cvelistv5
Published
2024-04-02 22:57
Modified
2024-08-01 20:05
Severity ?
EPSS score ?
Summary
In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xpdf:xpdf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xpdf",
"vendor": "xpdf",
"versions": [
{
"lessThanOrEqual": "4.05",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3247",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T17:26:43.928823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T20:35:23.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:08.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=43597"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Xpdf",
"vendor": "Xpdf",
"versions": [
{
"lessThanOrEqual": "4.05",
"status": "affected",
"version": "0",
"versionType": "version"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Zhijie Zhang, from Institute of Information Engineering, Chinese Academy of Sciences"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow.\u003cbr\u003e"
}
],
"value": "In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674 Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-02T22:57:35.394Z",
"orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"shortName": "GandC"
},
"references": [
{
"url": "https://forum.xpdfreader.com/viewtopic.php?t=43597"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack overflow in Xpdf 4.05 due to object loop in PDF object stream",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"assignerShortName": "GandC",
"cveId": "CVE-2024-3247",
"datePublished": "2024-04-02T22:57:35.394Z",
"dateReserved": "2024-04-02T22:48:13.391Z",
"dateUpdated": "2024-08-01T20:05:08.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18459
Vulnerability from cvelistv5
Published
2018-10-18 06:00
Modified
2024-08-05 11:08
Severity ?
EPSS score ?
Summary
The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 | x_refsource_MISC | |
| https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T06:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"name": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18459",
"datePublished": "2018-10-18T06:00:00",
"dateReserved": "2018-10-18T00:00:00",
"dateUpdated": "2024-08-05T11:08:21.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-24996
Vulnerability from cvelistv5
Published
2020-09-03 22:17
Modified
2024-08-04 15:26
Severity ?
EPSS score ?
Summary
There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=42028 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-03T22:17:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42028"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42028",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42028"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24996",
"datePublished": "2020-09-03T22:17:33",
"dateReserved": "2020-08-28T00:00:00",
"dateUpdated": "2024-08-04T15:26:09.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2662
Vulnerability from cvelistv5
Published
2023-05-11 20:08
Modified
2025-01-24 16:06
Severity ?
EPSS score ?
Summary
In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42505"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-2662",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T16:05:31.137989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T16:06:27.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Xpdf",
"vendor": "Xpdf",
"versions": [
{
"status": "affected",
"version": "4.04"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "huckleberry"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eIn Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-11T20:08:27.720Z",
"orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"shortName": "GandC"
},
"references": [
{
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42505"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Divide-by-zero in Xpdf 4.04 due to bad color space object",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"assignerShortName": "GandC",
"cveId": "CVE-2023-2662",
"datePublished": "2023-05-11T20:08:25.610Z",
"dateReserved": "2023-05-11T20:03:56.213Z",
"dateUpdated": "2025-01-24T16:06:27.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7452
Vulnerability from cvelistv5
Published
2018-02-24 06:00
Modified
2024-08-05 06:24
Severity ?
EPSS score ?
Summary
A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=613 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:12.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=613"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-24T05:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=613"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=613",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=613"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7452",
"datePublished": "2018-02-24T06:00:00",
"dateReserved": "2018-02-23T00:00:00",
"dateUpdated": "2024-08-05T06:24:12.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0206
Vulnerability from cvelistv5
Published
2019-10-30 20:10
Modified
2024-08-07 00:37
Severity ?
EPSS score ?
Summary
xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2010-0206 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0206 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:54.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0206"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "xpdf",
"vendor": "xpdf",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"datePublic": "2010-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-30T20:10:52",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0206"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2010-0206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xpdf",
"version": {
"version_data": [
{
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "xpdf"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-0206",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0206"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0206",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0206"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2010-0206",
"datePublished": "2019-10-30T20:10:52",
"dateReserved": "2010-01-06T00:00:00",
"dateUpdated": "2024-08-07T00:37:54.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18457
Vulnerability from cvelistv5
Published
2018-10-18 06:00
Modified
2024-08-05 11:08
Severity ?
EPSS score ?
Summary
The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 | x_refsource_MISC | |
| https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T06:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"name": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18457",
"datePublished": "2018-10-18T06:00:00",
"dateReserved": "2018-10-18T00:00:00",
"dateUpdated": "2024-08-05T11:08:21.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-38222
Vulnerability from cvelistv5
Published
2022-08-15 04:57
Modified
2024-08-03 10:45
Severity ?
EPSS score ?
Summary
There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=42320 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42320"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:39:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42320"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-38222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42320",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42320"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-38222",
"datePublished": "2022-08-15T04:57:54",
"dateReserved": "2022-08-15T00:00:00",
"dateUpdated": "2024-08-03T10:45:52.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8105
Vulnerability from cvelistv5
Published
2018-03-14 03:00
Modified
2024-09-16 23:00
Severity ?
EPSS score ?
Summary
The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:13.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-14T03:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8105",
"datePublished": "2018-03-14T03:00:00Z",
"dateReserved": "2018-03-13T00:00:00Z",
"dateUpdated": "2024-09-16T23:00:59.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8102
Vulnerability from cvelistv5
Published
2018-03-14 03:00
Modified
2024-09-16 17:02
Severity ?
EPSS score ?
Summary
The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:13.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-14T03:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8102",
"datePublished": "2018-03-14T03:00:00Z",
"dateReserved": "2018-03-13T00:00:00Z",
"dateUpdated": "2024-09-16T17:02:57.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-30860
Vulnerability from cvelistv5
Published
2021-08-24 18:49
Modified
2025-02-03 13:59
Severity ?
EPSS score ?
Summary
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:48:13.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212804"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212805"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212807"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212806"
},
{
"name": "20210917 APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/28"
},
{
"name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/27"
},
{
"name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/25"
},
{
"name": "20210917 APPLE-SA-2021-09-13-2 watchOS 7.6.2",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/26"
},
{
"name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/40"
},
{
"name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/38"
},
{
"name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/39"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212824"
},
{
"name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/50"
},
{
"name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"name": "GLSA-202209-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-21"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-30860",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-05T18:40:44.536500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30860"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T13:59:32.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2021-005",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:07:49.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212804"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212805"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212807"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212806"
},
{
"name": "20210917 APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/28"
},
{
"name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/27"
},
{
"name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/25"
},
{
"name": "20210917 APPLE-SA-2021-09-13-2 watchOS 7.6.2",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/26"
},
{
"name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/40"
},
{
"name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/38"
},
{
"name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/39"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212824"
},
{
"name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/50"
},
{
"name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"name": "GLSA-202209-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-21"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2021-30860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "11.6"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2021-005"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.6"
}
]
}
},
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212804",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212804"
},
{
"name": "https://support.apple.com/en-us/HT212805",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212805"
},
{
"name": "https://support.apple.com/en-us/HT212807",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212807"
},
{
"name": "https://support.apple.com/en-us/HT212806",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212806"
},
{
"name": "20210917 APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/28"
},
{
"name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/27"
},
{
"name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/25"
},
{
"name": "20210917 APPLE-SA-2021-09-13-2 watchOS 7.6.2",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/26"
},
{
"name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/40"
},
{
"name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/38"
},
{
"name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/39"
},
{
"name": "https://support.apple.com/kb/HT212824",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212824"
},
{
"name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/50"
},
{
"name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"name": "GLSA-202209-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-21"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2021-30860",
"datePublished": "2021-08-24T18:49:25.000Z",
"dateReserved": "2021-04-13T00:00:00.000Z",
"dateUpdated": "2025-02-03T13:59:32.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7453
Vulnerability from cvelistv5
Published
2018-02-24 06:00
Modified
2024-08-05 06:24
Severity ?
EPSS score ?
Summary
Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?p=814#p814 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:12.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?p=814#p814"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-24T05:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?p=814#p814"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?p=814#p814",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?p=814#p814"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7453",
"datePublished": "2018-02-24T06:00:00",
"dateReserved": "2018-02-23T00:00:00",
"dateUpdated": "2024-08-05T06:24:12.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-4141
Vulnerability from cvelistv5
Published
2024-04-24 18:36
Modified
2024-08-01 20:33
Severity ?
EPSS score ?
Summary
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xpdf:xpdf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xpdf",
"vendor": "xpdf",
"versions": [
{
"lessThan": "4.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-25T18:19:02.469803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:54:17.039Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:52.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.xpdfreader.com/security-bug/CVE-2024-4141.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Xpdf",
"vendor": "Xpdf",
"versions": [
{
"lessThan": "4.05",
"status": "affected",
"version": "0",
"versionType": "version"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wu JieCong"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers.\u003cbr\u003e"
}
],
"value": "Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-24T18:36:49.410Z",
"orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"shortName": "GandC"
},
"references": [
{
"url": "https://www.xpdfreader.com/security-bug/CVE-2024-4141.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds array write in Xpdf 4.05 due to incorrect bounds check",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"assignerShortName": "GandC",
"cveId": "CVE-2024-4141",
"datePublished": "2024-04-24T18:36:49.410Z",
"dateReserved": "2024-04-24T18:24:52.705Z",
"dateUpdated": "2024-08-01T20:33:52.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-7868
Vulnerability from cvelistv5
Published
2024-08-15 20:22
Modified
2024-08-15 20:33
Severity ?
EPSS score ?
Summary
In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7868",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T20:33:27.606080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T20:33:39.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Xpdf",
"vendor": "Xpdf",
"versions": [
{
"lessThanOrEqual": "4.05",
"status": "affected",
"version": "0",
"versionType": "Version"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "KMFL"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address.\u003cbr\u003e"
}
],
"value": "In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T20:22:52.873Z",
"orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"shortName": "GandC"
},
"references": [
{
"url": "https://www.xpdfreader.com/security-bug/CVE-2024-7868.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Uninitialized variable in Xpdf 4.05 due to invalid JPEG header",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"assignerShortName": "GandC",
"cveId": "CVE-2024-7868",
"datePublished": "2024-08-15T20:22:52.873Z",
"dateReserved": "2024-08-15T20:15:02.215Z",
"dateUpdated": "2024-08-15T20:33:39.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7175
Vulnerability from cvelistv5
Published
2018-02-15 21:00
Modified
2024-09-16 20:52
Severity ?
EPSS score ?
Summary
An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=613 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:10.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=613"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=613"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=613",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=613"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7175",
"datePublished": "2018-02-15T21:00:00Z",
"dateReserved": "2018-02-15T00:00:00Z",
"dateUpdated": "2024-09-16T20:52:58.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10026
Vulnerability from cvelistv5
Published
2019-03-24 23:12
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:08.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41276"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-24T23:12:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41276"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41276",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41276"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10026",
"datePublished": "2019-03-24T23:12:14",
"dateReserved": "2019-03-24T00:00:00",
"dateUpdated": "2024-08-04T22:10:08.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35376
Vulnerability from cvelistv5
Published
2020-12-26 03:30
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=42066 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZUU5QG6SSVRTKZTR3A72LDRVZETEI63/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLOYVJSM54IL6I5RY4QTJGRS7PIEG44X/ | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42066"
},
{
"name": "FEDORA-2021-4a437fe032",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZUU5QG6SSVRTKZTR3A72LDRVZETEI63/"
},
{
"name": "FEDORA-2021-013d9a30e0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLOYVJSM54IL6I5RY4QTJGRS7PIEG44X/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-11T03:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42066"
},
{
"name": "FEDORA-2021-4a437fe032",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZUU5QG6SSVRTKZTR3A72LDRVZETEI63/"
},
{
"name": "FEDORA-2021-013d9a30e0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLOYVJSM54IL6I5RY4QTJGRS7PIEG44X/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42066",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42066"
},
{
"name": "FEDORA-2021-4a437fe032",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZUU5QG6SSVRTKZTR3A72LDRVZETEI63/"
},
{
"name": "FEDORA-2021-013d9a30e0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLOYVJSM54IL6I5RY4QTJGRS7PIEG44X/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35376",
"datePublished": "2020-12-26T03:30:15",
"dateReserved": "2020-12-14T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3387
Vulnerability from cvelistv5
Published
2007-07-30 23:00
Modified
2024-08-07 14:14
Severity ?
EPSS score ?
Summary
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:13.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2007:0730",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0730.html"
},
{
"name": "USN-496-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-496-1"
},
{
"name": "DSA-1355",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1355"
},
{
"name": "ADV-2007-2705",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2705"
},
{
"name": "SUSE-SR:2007:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html"
},
{
"name": "MDKSA-2007:164",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1596"
},
{
"name": "MDKSA-2007:165",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:165"
},
{
"name": "26307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26307"
},
{
"name": "MDKSA-2007:158",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:158"
},
{
"name": "DSA-1350",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1350"
},
{
"name": "20070814 FLEA-2007-0045-1 poppler",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476519/30/5400/threaded"
},
{
"name": "26468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26468"
},
{
"name": "20070814 FLEA-2007-0044-1 tetex tetex-dvips tetex-fonts",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476508/100/0/threaded"
},
{
"name": "26982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26982"
},
{
"name": "26254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26254"
},
{
"name": "26370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26370"
},
{
"name": "DSA-1348",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1348"
},
{
"name": "26325",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26325"
},
{
"name": "26413",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26413"
},
{
"name": "DSA-1352",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1352"
},
{
"name": "GLSA-200710-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml"
},
{
"name": "DSA-1354",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1604"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=535497"
},
{
"name": "USN-496-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-496-2"
},
{
"name": "MDKSA-2007:163",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:163"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kde.org/info/security/advisory-20070730-1.txt"
},
{
"name": "RHSA-2007:0731",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0731.html"
},
{
"name": "40127",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/40127"
},
{
"name": "26862",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26862"
},
{
"name": "GLSA-200805-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
},
{
"name": "26281",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26281"
},
{
"name": "RHSA-2007:0720",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0720.html"
},
{
"name": "GLSA-200709-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-12.xml"
},
{
"name": "25124",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25124"
},
{
"name": "26514",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26514"
},
{
"name": "26467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26467"
},
{
"name": "SSA:2007-316-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.761882"
},
{
"name": "26432",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26432"
},
{
"name": "26410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=187139"
},
{
"name": "26607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26607"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm"
},
{
"name": "30168",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30168"
},
{
"name": "26358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26358"
},
{
"name": "26365",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26365"
},
{
"name": "26627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26627"
},
{
"name": "26293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26293"
},
{
"name": "26283",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26283"
},
{
"name": "MDKSA-2007:159",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:159"
},
{
"name": "27308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27308"
},
{
"name": "MDKSA-2007:160",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:160"
},
{
"name": "DSA-1357",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1357"
},
{
"name": "GLSA-200709-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-17.xml"
},
{
"name": "26403",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26403"
},
{
"name": "RHSA-2007:0732",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0732.html"
},
{
"name": "DSA-1349",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1349"
},
{
"name": "26251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26251"
},
{
"name": "oval:org.mitre.oval:def:11149",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149"
},
{
"name": "26292",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26292"
},
{
"name": "MDKSA-2007:161",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:161"
},
{
"name": "26342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26342"
},
{
"name": "26257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26257"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194"
},
{
"name": "26395",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26395"
},
{
"name": "SSA:2007-222-05",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.423670"
},
{
"name": "MDKSA-2007:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:162"
},
{
"name": "GLSA-200711-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
},
{
"name": "1018473",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018473"
},
{
"name": "RHSA-2007:0729",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0729.html"
},
{
"name": "26188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26188"
},
{
"name": "26278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26278"
},
{
"name": "26425",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26425"
},
{
"name": "GLSA-200710-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-20.xml"
},
{
"name": "ADV-2007-2704",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2704"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch"
},
{
"name": "DSA-1347",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1347"
},
{
"name": "RHSA-2007:0735",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0735.html"
},
{
"name": "20070816 FLEA-2007-0046-1 cups",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476765/30/5340/threaded"
},
{
"name": "27281",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27281"
},
{
"name": "20070801-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.foresightlinux.org/browse/FL-471"
},
{
"name": "26436",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26436"
},
{
"name": "26343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26343"
},
{
"name": "26407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26407"
},
{
"name": "26255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26255"
},
{
"name": "27156",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27156"
},
{
"name": "26318",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26318"
},
{
"name": "26470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26470"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name": "26297",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26297"
},
{
"name": "26405",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26405"
},
{
"name": "27637",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27637"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2007:0730",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0730.html"
},
{
"name": "USN-496-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-496-1"
},
{
"name": "DSA-1355",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1355"
},
{
"name": "ADV-2007-2705",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2705"
},
{
"name": "SUSE-SR:2007:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html"
},
{
"name": "MDKSA-2007:164",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1596"
},
{
"name": "MDKSA-2007:165",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:165"
},
{
"name": "26307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26307"
},
{
"name": "MDKSA-2007:158",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:158"
},
{
"name": "DSA-1350",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1350"
},
{
"name": "20070814 FLEA-2007-0045-1 poppler",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476519/30/5400/threaded"
},
{
"name": "26468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26468"
},
{
"name": "20070814 FLEA-2007-0044-1 tetex tetex-dvips tetex-fonts",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476508/100/0/threaded"
},
{
"name": "26982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26982"
},
{
"name": "26254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26254"
},
{
"name": "26370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26370"
},
{
"name": "DSA-1348",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1348"
},
{
"name": "26325",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26325"
},
{
"name": "26413",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26413"
},
{
"name": "DSA-1352",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1352"
},
{
"name": "GLSA-200710-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml"
},
{
"name": "DSA-1354",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1604"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=535497"
},
{
"name": "USN-496-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-496-2"
},
{
"name": "MDKSA-2007:163",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:163"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kde.org/info/security/advisory-20070730-1.txt"
},
{
"name": "RHSA-2007:0731",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0731.html"
},
{
"name": "40127",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/40127"
},
{
"name": "26862",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26862"
},
{
"name": "GLSA-200805-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
},
{
"name": "26281",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26281"
},
{
"name": "RHSA-2007:0720",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0720.html"
},
{
"name": "GLSA-200709-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-12.xml"
},
{
"name": "25124",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25124"
},
{
"name": "26514",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26514"
},
{
"name": "26467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26467"
},
{
"name": "SSA:2007-316-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.761882"
},
{
"name": "26432",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26432"
},
{
"name": "26410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=187139"
},
{
"name": "26607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26607"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm"
},
{
"name": "30168",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30168"
},
{
"name": "26358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26358"
},
{
"name": "26365",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26365"
},
{
"name": "26627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26627"
},
{
"name": "26293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26293"
},
{
"name": "26283",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26283"
},
{
"name": "MDKSA-2007:159",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:159"
},
{
"name": "27308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27308"
},
{
"name": "MDKSA-2007:160",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:160"
},
{
"name": "DSA-1357",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1357"
},
{
"name": "GLSA-200709-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-17.xml"
},
{
"name": "26403",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26403"
},
{
"name": "RHSA-2007:0732",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0732.html"
},
{
"name": "DSA-1349",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1349"
},
{
"name": "26251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26251"
},
{
"name": "oval:org.mitre.oval:def:11149",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149"
},
{
"name": "26292",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26292"
},
{
"name": "MDKSA-2007:161",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:161"
},
{
"name": "26342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26342"
},
{
"name": "26257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26257"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194"
},
{
"name": "26395",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26395"
},
{
"name": "SSA:2007-222-05",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.423670"
},
{
"name": "MDKSA-2007:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:162"
},
{
"name": "GLSA-200711-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
},
{
"name": "1018473",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018473"
},
{
"name": "RHSA-2007:0729",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0729.html"
},
{
"name": "26188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26188"
},
{
"name": "26278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26278"
},
{
"name": "26425",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26425"
},
{
"name": "GLSA-200710-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-20.xml"
},
{
"name": "ADV-2007-2704",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2704"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch"
},
{
"name": "DSA-1347",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1347"
},
{
"name": "RHSA-2007:0735",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0735.html"
},
{
"name": "20070816 FLEA-2007-0046-1 cups",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476765/30/5340/threaded"
},
{
"name": "27281",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27281"
},
{
"name": "20070801-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.foresightlinux.org/browse/FL-471"
},
{
"name": "26436",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26436"
},
{
"name": "26343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26343"
},
{
"name": "26407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26407"
},
{
"name": "26255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26255"
},
{
"name": "27156",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27156"
},
{
"name": "26318",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26318"
},
{
"name": "26470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26470"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name": "26297",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26297"
},
{
"name": "26405",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26405"
},
{
"name": "27637",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27637"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2007-3387",
"datePublished": "2007-07-30T23:00:00",
"dateReserved": "2007-06-25T00:00:00",
"dateUpdated": "2024-08-07T14:14:13.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8101
Vulnerability from cvelistv5
Published
2018-03-14 03:00
Modified
2024-09-16 17:27
Severity ?
EPSS score ?
Summary
The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:13.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-14T03:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8101",
"datePublished": "2018-03-14T03:00:00Z",
"dateReserved": "2018-03-13T00:00:00Z",
"dateUpdated": "2024-09-16T17:27:56.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-24999
Vulnerability from cvelistv5
Published
2020-09-03 22:17
Modified
2024-08-04 15:26
Severity ?
EPSS score ?
Summary
There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=42029 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:08.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42029"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-03T22:17:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42029"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42029",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42029"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24999",
"datePublished": "2020-09-03T22:17:24",
"dateReserved": "2020-08-28T00:00:00",
"dateUpdated": "2024-08-04T15:26:08.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-4976
Vulnerability from cvelistv5
Published
2024-05-15 20:34
Modified
2024-08-01 20:55
Severity ?
EPSS score ?
Summary
Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xpdf:xpdf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xpdf",
"vendor": "xpdf",
"versions": [
{
"lessThanOrEqual": "4.05",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4976",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T18:50:15.005590Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T19:54:06.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:55:10.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.xpdfreader.com/security-bug/CVE-2024-4976.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Xpdf",
"vendor": "Xpdf",
"versions": [
{
"lessThanOrEqual": "4.05",
"status": "affected",
"version": "0",
"versionType": "version"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vladislav Shevchenko (HSE university, Moscow)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference.\u003cbr\u003e"
}
],
"value": "Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T20:34:24.716Z",
"orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"shortName": "GandC"
},
"references": [
{
"url": "https://www.xpdfreader.com/security-bug/CVE-2024-4976.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds array write in Xpdf 4.05 due to missing object type check",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"assignerShortName": "GandC",
"cveId": "CVE-2024-4976",
"datePublished": "2024-05-15T20:34:24.716Z",
"dateReserved": "2024-05-15T20:23:00.257Z",
"dateUpdated": "2024-08-01T20:55:10.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-41844
Vulnerability from cvelistv5
Published
2022-09-30 04:21
Modified
2024-08-03 12:56
Severity ?
EPSS score ?
Summary
An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.xpdfreader.com/download.html | x_refsource_MISC | |
| https://forum.xpdfreader.com/viewtopic.php?f=1&t=42340&p=43928&hilit=gfseek#p43928 | x_refsource_MISC | |
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=42308&p=43844&hilit=XRef%3A%3Afetch#p43844 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:38.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xpdfreader.com/download.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=1\u0026t=42340\u0026p=43928\u0026hilit=gfseek#p43928"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42308\u0026p=43844\u0026hilit=XRef%3A%3Afetch#p43844"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-30T04:21:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xpdfreader.com/download.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=1\u0026t=42340\u0026p=43928\u0026hilit=gfseek#p43928"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42308\u0026p=43844\u0026hilit=XRef%3A%3Afetch#p43844"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-41844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.xpdfreader.com/download.html",
"refsource": "MISC",
"url": "http://www.xpdfreader.com/download.html"
},
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=1\u0026t=42340\u0026p=43928\u0026hilit=gfseek#p43928",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=1\u0026t=42340\u0026p=43928\u0026hilit=gfseek#p43928"
},
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42308\u0026p=43844\u0026hilit=XRef%3A%3Afetch#p43844",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42308\u0026p=43844\u0026hilit=XRef%3A%3Afetch#p43844"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-41844",
"datePublished": "2022-09-30T04:21:27",
"dateReserved": "2022-09-30T00:00:00",
"dateUpdated": "2024-08-03T12:56:38.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-25725
Vulnerability from cvelistv5
Published
2020-11-21 05:29
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=41915 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25725 | x_refsource_CONFIRM | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZUU5QG6SSVRTKZTR3A72LDRVZETEI63/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLOYVJSM54IL6I5RY4QTJGRS7PIEG44X/ | vendor-advisory, x_refsource_FEDORA |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Glyph & Cog | xpdf |
Version: 4.02 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41915"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25725"
},
{
"name": "FEDORA-2021-4a437fe032",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZUU5QG6SSVRTKZTR3A72LDRVZETEI63/"
},
{
"name": "FEDORA-2021-013d9a30e0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLOYVJSM54IL6I5RY4QTJGRS7PIEG44X/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "xpdf",
"vendor": "Glyph \u0026 Cog",
"versions": [
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack-\u003ecache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn\u0027t correctly handling the case where a Type 3 char referred to another char in the same Type 3 font."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-11T03:06:08",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41915"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25725"
},
{
"name": "FEDORA-2021-4a437fe032",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZUU5QG6SSVRTKZTR3A72LDRVZETEI63/"
},
{
"name": "FEDORA-2021-013d9a30e0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLOYVJSM54IL6I5RY4QTJGRS7PIEG44X/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-25725",
"datePublished": "2020-11-21T05:29:54",
"dateReserved": "2020-09-16T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27548
Vulnerability from cvelistv5
Published
2022-05-18 14:37
Modified
2024-08-03 21:26
Severity ?
EPSS score ?
Summary
There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=42115 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:09.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42115"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-18T14:37:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42115"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42115",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42115"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27548",
"datePublished": "2022-05-18T14:37:01",
"dateReserved": "2021-02-22T00:00:00",
"dateUpdated": "2024-08-03T21:26:09.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2664
Vulnerability from cvelistv5
Published
2023-05-11 20:21
Modified
2025-01-23 21:23
Severity ?
EPSS score ?
Summary
In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42422"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2664",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T21:22:45.913757Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T21:23:23.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Xpdf",
"vendor": "Xpdf",
"versions": [
{
"status": "affected",
"version": "4.04"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "BabyBus"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u0026nbsp;In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "\u00a0In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674 Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-11T20:21:25.821Z",
"orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"shortName": "GandC"
},
"references": [
{
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42422"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack overflow in Xpdf 4.04 due to object loop in PDF embedded file tree",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"assignerShortName": "GandC",
"cveId": "CVE-2023-2664",
"datePublished": "2023-05-11T20:21:25.821Z",
"dateReserved": "2023-05-11T20:19:40.531Z",
"dateUpdated": "2025-01-23T21:23:23.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-45587
Vulnerability from cvelistv5
Published
2023-02-15 00:00
Modified
2024-08-03 14:17
Severity ?
EPSS score ?
Summary
Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:17:03.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42361"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-15T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42361"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-45587",
"datePublished": "2023-02-15T00:00:00",
"dateReserved": "2022-11-21T00:00:00",
"dateUpdated": "2024-08-03T14:17:03.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-41843
Vulnerability from cvelistv5
Published
2022-09-30 04:21
Modified
2024-08-03 12:56
Severity ?
EPSS score ?
Summary
An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=42325&sid=7b08ba9a518a99ce3c5ff40e53fc6421 | x_refsource_MISC | |
| https://forum.xpdfreader.com/viewtopic.php?f=1&t=42344 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:38.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42325\u0026sid=7b08ba9a518a99ce3c5ff40e53fc6421"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=1\u0026t=42344"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-30T04:21:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42325\u0026sid=7b08ba9a518a99ce3c5ff40e53fc6421"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=1\u0026t=42344"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-41843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42325\u0026sid=7b08ba9a518a99ce3c5ff40e53fc6421",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42325\u0026sid=7b08ba9a518a99ce3c5ff40e53fc6421"
},
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=1\u0026t=42344",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=1\u0026t=42344"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-41843",
"datePublished": "2022-09-30T04:21:36",
"dateReserved": "2022-09-30T00:00:00",
"dateUpdated": "2024-08-03T12:56:38.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7173
Vulnerability from cvelistv5
Published
2018-02-15 21:00
Modified
2024-09-16 16:44
Severity ?
EPSS score ?
Summary
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=607 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:10.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=607"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=607"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=607",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=607"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7173",
"datePublished": "2018-02-15T21:00:00Z",
"dateReserved": "2018-02-15T00:00:00Z",
"dateUpdated": "2024-09-16T16:44:10.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-38928
Vulnerability from cvelistv5
Published
2022-09-21 12:57
Modified
2024-08-03 11:10
Severity ?
EPSS score ?
Summary
XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=42325&sid=7b08ba9a518a99ce3c5ff40e53fc6421 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:10:31.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42325\u0026sid=7b08ba9a518a99ce3c5ff40e53fc6421"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-21T12:57:51",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42325\u0026sid=7b08ba9a518a99ce3c5ff40e53fc6421"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-38928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42325\u0026sid=7b08ba9a518a99ce3c5ff40e53fc6421",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42325\u0026sid=7b08ba9a518a99ce3c5ff40e53fc6421"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-38928",
"datePublished": "2022-09-21T12:57:51",
"dateReserved": "2022-08-29T00:00:00",
"dateUpdated": "2024-08-03T11:10:31.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10023
Vulnerability from cvelistv5
Published
2019-03-24 23:11
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276 | x_refsource_MISC | |
| https://usn.ubuntu.com/4042-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:08.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41276"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4042-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T15:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41276"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4042-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41276",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41276"
},
{
"name": "USN-4042-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4042-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10023",
"datePublished": "2019-03-24T23:11:33",
"dateReserved": "2019-03-24T00:00:00",
"dateUpdated": "2024-08-04T22:10:08.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7455
Vulnerability from cvelistv5
Published
2018-02-24 06:00
Modified
2024-08-05 06:24
Severity ?
EPSS score ?
Summary
An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=654\u0026p=819#p819"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-24T05:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=654\u0026p=819#p819"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=654\u0026p=819#p819",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=654\u0026p=819#p819"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7455",
"datePublished": "2018-02-24T06:00:00",
"dateReserved": "2018-02-23T00:00:00",
"dateUpdated": "2024-08-05T06:24:11.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10018
Vulnerability from cvelistv5
Published
2019-03-24 23:10
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276 | x_refsource_MISC | |
| https://usn.ubuntu.com/4042-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:08.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41276"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-09T01:06:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41276"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41276",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41276"
},
{
"name": "USN-4042-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10018",
"datePublished": "2019-03-24T23:10:26",
"dateReserved": "2019-03-24T00:00:00",
"dateUpdated": "2024-08-04T22:10:08.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8107
Vulnerability from cvelistv5
Published
2018-03-14 03:00
Modified
2024-09-17 04:10
Severity ?
EPSS score ?
Summary
The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:12.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-14T03:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8107",
"datePublished": "2018-03-14T03:00:00Z",
"dateReserved": "2018-03-13T00:00:00Z",
"dateUpdated": "2024-09-17T04:10:05.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3436
Vulnerability from cvelistv5
Published
2023-06-27 20:55
Modified
2024-11-07 17:00
Severity ?
EPSS score ?
Summary
Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42618"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xpdfreader:xpdf:4.04:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xpdf",
"vendor": "xpdfreader",
"versions": [
{
"status": "affected",
"version": "4.04"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3436",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T16:57:28.396828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T17:00:22.993Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Xpdf",
"vendor": "Xpdf",
"versions": [
{
"status": "affected",
"version": "4.04"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jiahao Liu"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eXpdf 4.04 will deadlock on a PDF object stream whose \"Length\" field is itself in another object stream.\u003c/div\u003e"
}
],
"value": "Xpdf 4.04 will deadlock on a PDF object stream whose \"Length\" field is itself in another object stream.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-833",
"description": "CWE-833 Deadlock",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-27T20:55:27.693Z",
"orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"shortName": "GandC"
},
"references": [
{
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42618"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Deadlock in Xpdf 4.04 due to PDF object stream references",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"assignerShortName": "GandC",
"cveId": "CVE-2023-3436",
"datePublished": "2023-06-27T20:55:21.049Z",
"dateReserved": "2023-06-27T20:43:04.057Z",
"dateUpdated": "2024-11-07T17:00:22.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-43071
Vulnerability from cvelistv5
Published
2022-11-15 00:00
Modified
2024-08-03 13:26
Severity ?
EPSS score ?
Summary
A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:26:02.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42349\u0026p=43959#p43959"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-15T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42349\u0026p=43959#p43959"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-43071",
"datePublished": "2022-11-15T00:00:00",
"dateReserved": "2022-10-17T00:00:00",
"dateUpdated": "2024-08-03T13:26:02.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8106
Vulnerability from cvelistv5
Published
2018-03-14 03:00
Modified
2024-09-17 03:27
Severity ?
EPSS score ?
Summary
The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:13.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-14T03:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8106",
"datePublished": "2018-03-14T03:00:00Z",
"dateReserved": "2018-03-13T00:00:00Z",
"dateUpdated": "2024-09-17T03:27:34.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-16369
Vulnerability from cvelistv5
Published
2018-09-03 00:00
Modified
2024-08-05 10:24
Severity ?
EPSS score ?
Summary
XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TeamSeri0us/pocs/tree/master/xpdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:31.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16369",
"datePublished": "2018-09-03T00:00:00",
"dateReserved": "2018-09-02T00:00:00",
"dateUpdated": "2024-08-05T10:24:31.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7454
Vulnerability from cvelistv5
Published
2018-02-24 06:00
Modified
2024-08-05 06:24
Severity ?
EPSS score ?
Summary
A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=613 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:12.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=613"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-24T05:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=613"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=613",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=613"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7454",
"datePublished": "2018-02-24T06:00:00",
"dateReserved": "2018-02-23T00:00:00",
"dateUpdated": "2024-08-05T06:24:12.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18458
Vulnerability from cvelistv5
Published
2018-10-18 06:00
Modified
2024-08-05 11:08
Severity ?
EPSS score ?
Summary
The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 | x_refsource_MISC | |
| https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T06:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"name": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18458",
"datePublished": "2018-10-18T06:00:00",
"dateReserved": "2018-10-18T00:00:00",
"dateUpdated": "2024-08-05T11:08:21.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18651
Vulnerability from cvelistv5
Published
2018-10-25 13:00
Modified
2024-09-16 22:19
Severity ?
EPSS score ?
Summary
An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=41219&p=41747#p41747 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:16:00.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41219\u0026p=41747#p41747"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.00. catalog-\u003egetNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-25T13:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41219\u0026p=41747#p41747"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xpdf 4.00. catalog-\u003egetNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41219\u0026p=41747#p41747",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41219\u0026p=41747#p41747"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18651",
"datePublished": "2018-10-25T13:00:00Z",
"dateReserved": "2018-10-25T00:00:00Z",
"dateUpdated": "2024-09-16T22:19:56.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2142
Vulnerability from cvelistv5
Published
2020-01-09 20:42
Modified
2024-08-06 19:26
Severity ?
EPSS score ?
Summary
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2013/08/09/6 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2013/08/09/5 | x_refsource_MISC | |
| http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40 | x_refsource_MISC | |
| http://cgit.freedesktop.org/poppler/poppler/commit/NEWS?id=2bc48d5369f1dbecfc4db2878f33bdeb80d8d90f | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=789936 | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-updates/2013-08/msg00049.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/09/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/09/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/NEWS?id=2bc48d5369f1dbecfc4db2878f33bdeb80d8d90f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=789936"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00049.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "poppler",
"vendor": "poppler",
"versions": [
{
"status": "affected",
"version": "before 0.21.4"
}
]
}
],
"datePublic": "2012-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-09T20:42:47",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/09/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/09/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/NEWS?id=2bc48d5369f1dbecfc4db2878f33bdeb80d8d90f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=789936"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00049.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2142",
"datePublished": "2020-01-09T20:42:47",
"dateReserved": "2012-04-04T00:00:00",
"dateUpdated": "2024-08-06T19:26:08.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30775
Vulnerability from cvelistv5
Published
2022-05-16 02:54
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=42264 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:14.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42264"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T02:54:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42264"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-30775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42264",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42264"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-30775",
"datePublished": "2022-05-16T02:54:45",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-08-03T06:56:14.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2663
Vulnerability from cvelistv5
Published
2023-05-11 20:16
Modified
2025-01-24 16:04
Severity ?
EPSS score ?
Summary
In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:10.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42421"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-2663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T16:02:53.792174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674 Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T16:04:05.434Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Xpdf",
"vendor": "Xpdf",
"versions": [
{
"status": "affected",
"version": "4.04"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "BabyBus"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u0026nbsp;In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "\u00a0In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674 Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-11T20:19:20.402Z",
"orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"shortName": "GandC"
},
"references": [
{
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42421"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack overflow in Xpdf 4.04 due to object loop in PDF page label tree",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"assignerShortName": "GandC",
"cveId": "CVE-2023-2663",
"datePublished": "2023-05-11T20:16:59.111Z",
"dateReserved": "2023-05-11T20:10:12.645Z",
"dateUpdated": "2025-01-24T16:04:05.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10020
Vulnerability from cvelistv5
Published
2019-03-24 23:10
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:08.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-24T23:10:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10020",
"datePublished": "2019-03-24T23:10:58",
"dateReserved": "2019-03-24T00:00:00",
"dateUpdated": "2024-08-04T22:10:08.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-3248
Vulnerability from cvelistv5
Published
2024-04-02 23:04
Modified
2024-08-12 13:52
Severity ?
EPSS score ?
Summary
In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:08.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=43657"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xpdf:xpdf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xpdf",
"vendor": "xpdf",
"versions": [
{
"lessThanOrEqual": "4.05",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3248",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-12T13:50:27.401794Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T13:52:19.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Xpdf",
"vendor": "Xpdf",
"versions": [
{
"lessThanOrEqual": "4.05",
"status": "affected",
"version": "0",
"versionType": "version"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow.\u003cbr\u003e"
}
],
"value": "In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674 Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-02T23:04:40.828Z",
"orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"shortName": "GandC"
},
"references": [
{
"url": "https://forum.xpdfreader.com/viewtopic.php?t=43657"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack overflow in Xpdf 4.05 due to object loop in attachments",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"assignerShortName": "GandC",
"cveId": "CVE-2024-3248",
"datePublished": "2024-04-02T23:04:40.828Z",
"dateReserved": "2024-04-02T23:00:19.912Z",
"dateUpdated": "2024-08-12T13:52:19.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18455
Vulnerability from cvelistv5
Published
2018-10-18 06:00
Modified
2024-08-05 11:08
Severity ?
EPSS score ?
Summary
The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 | x_refsource_MISC | |
| https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T06:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"name": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18455",
"datePublished": "2018-10-18T06:00:00",
"dateReserved": "2018-10-18T00:00:00",
"dateUpdated": "2024-08-05T11:08:21.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-27135
Vulnerability from cvelistv5
Published
2022-04-25 12:48
Modified
2024-08-03 05:18
Severity ?
EPSS score ?
Summary
xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/verf1sh/Poc/blob/master/pic_ppm.png | x_refsource_MISC | |
| https://github.com/verf1sh/Poc/blob/master/poc_ppm | x_refsource_MISC | |
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=42232 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:18:39.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verf1sh/Poc/blob/master/pic_ppm.png"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verf1sh/Poc/blob/master/poc_ppm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42232"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-25T12:48:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verf1sh/Poc/blob/master/pic_ppm.png"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verf1sh/Poc/blob/master/poc_ppm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42232"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-27135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/verf1sh/Poc/blob/master/pic_ppm.png",
"refsource": "MISC",
"url": "https://github.com/verf1sh/Poc/blob/master/pic_ppm.png"
},
{
"name": "https://github.com/verf1sh/Poc/blob/master/poc_ppm",
"refsource": "MISC",
"url": "https://github.com/verf1sh/Poc/blob/master/poc_ppm"
},
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42232",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42232"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-27135",
"datePublished": "2022-04-25T12:48:10",
"dateReserved": "2022-03-14T00:00:00",
"dateUpdated": "2024-08-03T05:18:39.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7174
Vulnerability from cvelistv5
Published
2018-02-15 21:00
Modified
2024-09-17 00:21
Severity ?
EPSS score ?
Summary
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=605 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:10.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=605"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=605"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=605",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=605"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7174",
"datePublished": "2018-02-15T21:00:00Z",
"dateReserved": "2018-02-15T00:00:00Z",
"dateUpdated": "2024-09-17T00:21:31.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3044
Vulnerability from cvelistv5
Published
2023-06-02 22:32
Modified
2025-01-08 17:53
Severity ?
EPSS score ?
Summary
An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code.
This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.xpdfreader.com/security-bug/CVE-2023-3044.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/baker221/poc-xpdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T17:53:02.399834Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T17:53:11.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Xpdf",
"vendor": "Xpdf",
"versions": [
{
"status": "affected",
"version": "4.04"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Junlin Liu of Peking Univ."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eAn excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf\u0027s text extraction code.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf\u0027s text extraction code.\n\n\n\n\nThis is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-02T22:32:31.677Z",
"orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"shortName": "GandC"
},
"references": [
{
"url": "https://www.xpdfreader.com/security-bug/CVE-2023-3044.html"
},
{
"url": "https://github.com/baker221/poc-xpdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Divide-by-zero in Xpdf 4.04 due to very large page size",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"assignerShortName": "GandC",
"cveId": "CVE-2023-3044",
"datePublished": "2023-06-02T22:32:31.677Z",
"dateReserved": "2023-06-01T22:02:19.916Z",
"dateUpdated": "2025-01-08T17:53:11.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36561
Vulnerability from cvelistv5
Published
2022-08-30 20:05
Modified
2024-08-03 10:07
Severity ?
EPSS score ?
Summary
XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=42308 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42308"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-30T20:05:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42308"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42308",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42308"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36561",
"datePublished": "2022-08-30T20:05:52",
"dateReserved": "2022-07-25T00:00:00",
"dateUpdated": "2024-08-03T10:07:34.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10021
Vulnerability from cvelistv5
Published
2019-03-24 23:11
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274 | x_refsource_MISC | |
| https://usn.ubuntu.com/4042-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4042-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T15:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4042-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274"
},
{
"name": "USN-4042-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4042-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10021",
"datePublished": "2019-03-24T23:11:09",
"dateReserved": "2019-03-24T00:00:00",
"dateUpdated": "2024-08-04T22:10:09.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10025
Vulnerability from cvelistv5
Published
2019-03-24 23:12
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:08.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-24T23:12:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10025",
"datePublished": "2019-03-24T23:12:03",
"dateReserved": "2019-03-24T00:00:00",
"dateUpdated": "2024-08-04T22:10:08.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-3900
Vulnerability from cvelistv5
Published
2024-04-17 18:41
Modified
2024-08-01 20:26
Severity ?
EPSS score ?
Summary
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xpdf",
"vendor": "xpdfreader",
"versions": [
{
"lessThanOrEqual": "4.05",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-19T15:59:35.292126Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:32:36.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.xpdfreader.com/security-bug/CVE-2024-3900.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Xpdf",
"vendor": "Xpdf",
"versions": [
{
"lessThanOrEqual": "4.05",
"status": "affected",
"version": "0",
"versionType": "version"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sangbin Kim, from Korea University Sejong campus"
}
],
"datePublic": "2024-04-17T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText.\u003cbr\u003e"
}
],
"value": "Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-17T18:41:03.549Z",
"orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"shortName": "GandC"
},
"references": [
{
"url": "https://www.xpdfreader.com/security-bug/CVE-2024-3900.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds stack array write in Xpdf 4.05 due to missing zero check",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
"assignerShortName": "GandC",
"cveId": "CVE-2024-3900",
"datePublished": "2024-04-17T18:41:03.549Z",
"dateReserved": "2024-04-16T20:04:32.277Z",
"dateUpdated": "2024-08-01T20:26:57.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-38171
Vulnerability from cvelistv5
Published
2022-08-22 18:33
Modified
2024-09-16 18:34
Severity ?
EPSS score ?
Summary
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.xpdfreader.com/security-fixes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://dl.xpdfreader.com/xpdf-4.04.tar.gz"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30860"
},
{
"tags": [
"x_transferred"
],
"url": "https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jeffssh/CVE-2021-30860"
},
{
"name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://www.xpdfreader.com/security-fixes.html"
},
{
"url": "https://dl.xpdfreader.com/xpdf-4.04.tar.gz"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30860"
},
{
"url": "https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html"
},
{
"url": "https://github.com/jeffssh/CVE-2021-30860"
},
{
"name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"url": "https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-38171",
"datePublished": "2022-08-22T18:33:47.097485Z",
"dateReserved": "2022-08-12T00:00:00",
"dateUpdated": "2024-09-16T18:34:06.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18650
Vulnerability from cvelistv5
Published
2018-10-25 13:00
Modified
2024-09-17 04:09
Severity ?
EPSS score ?
Summary
An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=41219&p=41747#p41747 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:15:59.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41219\u0026p=41747#p41747"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-25T13:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41219\u0026p=41747#p41747"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41219\u0026p=41747#p41747",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41219\u0026p=41747#p41747"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18650",
"datePublished": "2018-10-25T13:00:00Z",
"dateReserved": "2018-10-25T00:00:00Z",
"dateUpdated": "2024-09-17T04:09:01.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48545
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-03 14:16
Severity ?
EPSS score ?
Summary
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42092"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48545",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T14:16:19.944175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T14:16:28.975Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-22T15:45:23.291038",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42092"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-48545",
"datePublished": "2023-08-22T00:00:00",
"dateReserved": "2023-07-23T00:00:00",
"dateUpdated": "2024-10-03T14:16:28.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8100
Vulnerability from cvelistv5
Published
2018-03-14 03:00
Modified
2024-09-16 18:29
Severity ?
EPSS score ?
Summary
The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:13.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-14T03:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8100",
"datePublished": "2018-03-14T03:00:00Z",
"dateReserved": "2018-03-13T00:00:00Z",
"dateUpdated": "2024-09-16T18:29:17.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-9878
Vulnerability from cvelistv5
Published
2019-03-19 18:16
Modified
2024-08-04 22:01
Severity ?
EPSS score ?
Summary
There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kermitt2/pdfalto/issues/46 | x_refsource_MISC | |
| https://research.loginsoft.com/bugs/invalid-memory-access-in-gfxindexedcolorspacemapcolortobase-pdfalto-0-2/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:01:55.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kermitt2/pdfalto/issues/46"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-gfxindexedcolorspacemapcolortobase-pdfalto-0-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-19T18:16:53",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kermitt2/pdfalto/issues/46"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-gfxindexedcolorspacemapcolortobase-pdfalto-0-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kermitt2/pdfalto/issues/46",
"refsource": "MISC",
"url": "https://github.com/kermitt2/pdfalto/issues/46"
},
{
"name": "https://research.loginsoft.com/bugs/invalid-memory-access-in-gfxindexedcolorspacemapcolortobase-pdfalto-0-2/",
"refsource": "MISC",
"url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-gfxindexedcolorspacemapcolortobase-pdfalto-0-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9878",
"datePublished": "2019-03-19T18:16:53",
"dateReserved": "2019-03-19T00:00:00",
"dateUpdated": "2024-08-04T22:01:55.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-33108
Vulnerability from cvelistv5
Published
2022-06-28 16:59
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=42287 | x_refsource_MISC | |
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=42286 | x_refsource_MISC | |
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=42284 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:01:19.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42287"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42286"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T16:59:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42287"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42286"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42284"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-33108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42287",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42287"
},
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42286",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42286"
},
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42284",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42284"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-33108",
"datePublished": "2022-06-28T16:59:18",
"dateReserved": "2022-06-13T00:00:00",
"dateUpdated": "2024-08-03T08:01:19.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18454
Vulnerability from cvelistv5
Published
2018-10-18 06:00
Modified
2024-08-05 11:08
Severity ?
EPSS score ?
Summary
CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 | x_refsource_MISC | |
| https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T06:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"name": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18454",
"datePublished": "2018-10-18T06:00:00",
"dateReserved": "2018-10-18T00:00:00",
"dateUpdated": "2024-08-05T11:08:21.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2018-02-15 21:29
Modified
2024-11-21 04:11
Severity ?
Summary
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=605 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=605 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en xpdf 4.00. Un bucle infinito en XRef::Xref permite que un atacante provoque una denegaci\u00f3n de servicio (DoS) debido a que la detecci\u00f3n de bucles solo existe para las tablas, no para los flujos."
}
],
"id": "CVE-2018-7174",
"lastModified": "2024-11-21T04:11:43.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-15T21:29:00.620",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=605"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-29 03:15
Modified
2024-11-21 07:16
Severity ?
Summary
There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42320 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42320 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.04:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB8219E-FA52-45B5-A332-CE34400630BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact."
},
{
"lang": "es",
"value": "Se presenta un problema de uso de memoria previamente liberada en la funci\u00f3n JBIG2Stream::close() ubicado en el archivo JBIG2Stream.cc en Xpdf 4.04. Puede desencadenarse mediante el env\u00edo de un archivo PDF dise\u00f1ado a (por ejemplo) el binario pdfimages. Permite a un atacante causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado"
}
],
"id": "CVE-2022-38222",
"lastModified": "2024-11-21T07:16:05.063",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-29T03:15:15.373",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42320"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-15 18:15
Modified
2024-11-21 07:29
Severity ?
Summary
Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?t=42361 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?t=42361 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.04:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB8219E-FA52-45B5-A332-CE34400630BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service."
}
],
"id": "CVE-2022-45586",
"lastModified": "2024-11-21T07:29:27.673",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-15T18:15:11.370",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42361"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-11 21:15
Modified
2025-01-24 16:15
Severity ?
2.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C549C6C1-16A2-4372-976B-95334DB1EABA",
"versionEndIncluding": "4.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero.\n\n\n"
}
],
"id": "CVE-2023-2662",
"lastModified": "2025-01-24T16:15:31.363",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 1.4,
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-11T21:15:09.873",
"references": [
{
"source": "xpdf@xpdfreader.com",
"tags": [
"Exploit"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42505"
}
],
"sourceIdentifier": "xpdf@xpdfreader.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-30 05:15
Modified
2024-11-21 07:23
Severity ?
Summary
An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.xpdfreader.com/download.html | Patch, Vendor Advisory | |
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=1&t=42340&p=43928&hilit=gfseek#p43928 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.xpdfreader.com/download.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=1&t=42340&p=43928&hilit=gfseek#p43928 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.04:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB8219E-FA52-45B5-A332-CE34400630BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Xpdf versi\u00f3n 4.04. Se presenta un fallo en la funci\u00f3n gfseek(_IO_FILE*, long, int) en el archivo goo/gfile.cc"
}
],
"id": "CVE-2022-41842",
"lastModified": "2024-11-21T07:23:55.163",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-30T05:15:11.473",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.xpdfreader.com/download.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=1\u0026t=42340\u0026p=43928\u0026hilit=gfseek#p43928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.xpdfreader.com/download.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=1\u0026t=42340\u0026p=43928\u0026hilit=gfseek#p43928"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-25 00:29
Modified
2024-11-21 04:18
Severity ?
Summary
An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41273 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41273 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "96333494-EAB9-428C-B937-07687E4BBC6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Xpdf 4.01.01. Hay una desreferencia de puntero NULL en la funci\u00f3n Gfx::opSetExtGState en Gfx.cc."
}
],
"id": "CVE-2019-10022",
"lastModified": "2024-11-21T04:18:14.473",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-25T00:29:05.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41273"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-24 06:29
Modified
2024-11-21 04:12
Severity ?
Summary
An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml."
},
{
"lang": "es",
"value": "Una lectura fuera de l\u00edmites en JPXStream::fillReadBuf en JPXStream.cc en xpdf 4.00 permite que atacantes inicien una denegaci\u00f3n de servicio (DoS) mediante un archivo pdf espec\u00edfico, tal y como demuestra pdftohtml."
}
],
"id": "CVE-2018-7455",
"lastModified": "2024-11-21T04:12:10.083",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-24T06:29:00.570",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=654\u0026p=819#p819"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=654\u0026p=819#p819"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-03 00:29
Modified
2024-11-21 03:52
Severity ?
Summary
SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/TeamSeri0us/pocs/tree/master/xpdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TeamSeri0us/pocs/tree/master/xpdf | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm."
},
{
"lang": "es",
"value": "SplashXPath::strokeAdjust en splash/SplashXPath.cc en Xpdf 4.00 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (sobrelectura de b\u00fafer basada en memoria din\u00e1mica o heap) mediante un archivo pdf manipulado, como ha sido demostrado por pdftoppm."
}
],
"id": "CVE-2018-16368",
"lastModified": "2024-11-21T03:52:37.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-03T00:29:00.247",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-18 06:29
Modified
2024-11-21 03:55
Severity ?
Summary
The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 | Third Party Advisory | |
| cve@mitre.org | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm."
},
{
"lang": "es",
"value": "La funci\u00f3n DCTStream::getBlock en Stream.cc en Xpdf 4.00 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (desreferencia de puntero NULL) mediante un archivo pdf manipulado, como ha sido demostrado por pdftoppm."
}
],
"id": "CVE-2018-18459",
"lastModified": "2024-11-21T03:55:58.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-18T06:29:00.917",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-30 21:15
Modified
2024-11-21 07:13
Severity ?
Summary
XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42308 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42308 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.04:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB8219E-FA52-45B5-A332-CE34400630BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538."
},
{
"lang": "es",
"value": "Se ha detectado que XPDF versi\u00f3n v4.0.4, contiene una violaci\u00f3n de segmentaci\u00f3n por medio del componente /xpdf/AcroForm.cc:538"
}
],
"id": "CVE-2022-36561",
"lastModified": "2024-11-21T07:13:18.430",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-30T21:15:09.013",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42308"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-26 22:15
Modified
2025-01-29 16:08
Severity ?
2.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20E42312-53C6-4D3F-963D-06CD49603AF3",
"versionEndIncluding": "4.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF file.\n\n"
},
{
"lang": "es",
"value": "Escritura de matriz fuera de los l\u00edmites en Xpdf 4.05 y versiones anteriores, provocada por un n\u00famero de objeto negativo en una referencia indirecta en el archivo PDF de entrada."
}
],
"id": "CVE-2024-2971",
"lastModified": "2025-01-29T16:08:39.727",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 1.4,
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-26T22:15:08.190",
"references": [
{
"source": "xpdf@xpdfreader.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.xpdfreader.com/security-bug/CVE-2024-2971.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.xpdfreader.com/security-bug/CVE-2024-2971.html"
}
],
"sourceIdentifier": "xpdf@xpdfreader.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-30 21:15
Modified
2024-11-21 01:11
Severity ?
Summary
xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0206 | Issue Tracking, Third Party Advisory | |
| cret@cert.org | https://security-tracker.debian.org/tracker/CVE-2010-0206 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0206 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2010-0206 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 3.03-17 | |
| debian | debian_linux | 8.0 | |
| xpdfreader | xpdf | 3.04-4 | |
| debian | debian_linux | 9.0 | |
| xpdfreader | xpdf | 3.04-13 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:3.03-17:*:*:*:*:*:*:*",
"matchCriteriaId": "3BCCCEC9-8F50-4F8E-A51F-B973832C33E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:3.04-4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B60B556-E6FF-44CB-98ED-CCAEFDDA3845",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:3.04-13:*:*:*:*:*:*:*",
"matchCriteriaId": "C306DA00-63D2-4750-A690-670BDDA3CF89",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects."
},
{
"lang": "es",
"value": "xpdf, permite a atacantes remotos causar una denegaci\u00f3n de servicio (desreferencia del puntero NULL y bloqueo) en la manera en que se procesan los objetos de flujo PDF de JBIG2."
}
],
"id": "CVE-2010-0206",
"lastModified": "2024-11-21T01:11:45.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-30T21:15:11.303",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0206"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0206"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-15 21:15
Modified
2024-09-11 12:40
Severity ?
Summary
In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| xpdf@xpdfreader.com | https://www.xpdfreader.com/security-bug/CVE-2024-7868.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB3C48E-1CB7-4F5A-8A0F-1AFF348F6B21",
"versionEndExcluding": "4.06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address."
},
{
"lang": "es",
"value": "En Xpdf 4.05 (y versiones anteriores), la informaci\u00f3n de encabezado no v\u00e1lida en una secuencia DCT (JPEG) puede generar una variable no inicializada en el decodificador DCT. El archivo PDF de prueba de concepto provoca un error de segmentaci\u00f3n al intentar leer desde una direcci\u00f3n no v\u00e1lida."
}
],
"id": "CVE-2024-7868",
"lastModified": "2024-09-11T12:40:01.817",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"automatable": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityRequirements": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"subsequentSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"vulnerableSystemAvailability": "LOW",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE"
},
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
}
]
},
"published": "2024-08-15T21:15:18.530",
"references": [
{
"source": "xpdf@xpdfreader.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.xpdfreader.com/security-bug/CVE-2024-7868.html"
}
],
"sourceIdentifier": "xpdf@xpdfreader.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-11 21:15
Modified
2024-11-21 07:59
Severity ?
2.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C549C6C1-16A2-4372-976B-95334DB1EABA",
"versionEndIncluding": "4.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\u00a0In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow.\n\n\n"
}
],
"id": "CVE-2023-2664",
"lastModified": "2024-11-21T07:59:02.050",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 1.4,
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-11T21:15:10.137",
"references": [
{
"source": "xpdf@xpdfreader.com",
"tags": [
"Exploit"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42422"
}
],
"sourceIdentifier": "xpdf@xpdfreader.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-07-30 23:17
Modified
2024-11-21 00:33
Severity ?
Summary
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | cups | * | |
| freedesktop | poppler | * | |
| gpdf_project | gpdf | * | |
| xpdfreader | xpdf | 3.02 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 4.0 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 6.10 | |
| canonical | ubuntu_linux | 7.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08916364-08F4-4416-B84E-2BDD2DC0A3EB",
"versionEndIncluding": "1.3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B64EB12-180D-4943-93C5-D99E05DE8422",
"versionEndExcluding": "0.5.91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gpdf_project:gpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4AA11D-1589-49C3-AF7F-89C25F5E017B",
"versionEndExcluding": "2.8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:3.02:*:*:*:*:*:*:*",
"matchCriteriaId": "14CC22C3-4195-4207-AAA4-E72F22334517",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function."
},
{
"lang": "es",
"value": "Un desbordamiento de enteros en la funci\u00f3n StreamPredictor::StreamPredictor en xpdf versi\u00f3n 3.02, tal como es usado en (1) poppler anterior a versi\u00f3n 0.5.91, (2) gpdf anterior a versi\u00f3n 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, ( 6) PDFedit, y otros productos, podr\u00edan permitir que los atacantes remotos ejecuten c\u00f3digo arbitrario por medio de un archivo PDF creado que causa un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria, en la funci\u00f3n StreamPredictor::getNextLine."
}
],
"id": "CVE-2007-3387",
"lastModified": "2024-11-21T00:33:06.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-07-30T23:17:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=187139"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/40127"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26188"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26251"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26254"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26255"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26257"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26278"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26281"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26283"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26292"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26293"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26297"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26307"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26318"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26325"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26342"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26343"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26358"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26365"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26370"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26395"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26403"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26405"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26407"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26410"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26413"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26425"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26432"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26436"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26467"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26468"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26470"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26514"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26607"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26627"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26862"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26982"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27156"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27281"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27308"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27637"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/30168"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-12.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-17.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-20.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.761882"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=535497"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1347"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1348"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1349"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1350"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1352"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1354"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1355"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1357"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.kde.org/info/security/advisory-20070730-1.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:158"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:159"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:160"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:161"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:162"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:163"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:165"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0720.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0729.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0730.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0731.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0732.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0735.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/476508/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/476519/30/5400/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/476765/30/5340/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25124"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018473"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.423670"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-496-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-496-2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2704"
},
{
"source": "secalert@redhat.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2705"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://issues.foresightlinux.org/browse/FL-471"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://issues.rpath.com/browse/RPL-1596"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://issues.rpath.com/browse/RPL-1604"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=187139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/40127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26281"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26425"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27281"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/30168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-12.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-17.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-20.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.761882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=535497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.kde.org/info/security/advisory-20070730-1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0729.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0730.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0731.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0732.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0735.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/476508/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/476519/30/5400/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/476765/30/5340/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.423670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-496-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-496-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://issues.foresightlinux.org/browse/FL-471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://issues.rpath.com/browse/RPL-1596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://issues.rpath.com/browse/RPL-1604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-15 17:15
Modified
2024-11-21 07:25
Severity ?
Summary
A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42349&p=43959#p43959 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42349&p=43959#p43959 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.04:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB8219E-FA52-45B5-A332-CE34400630BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file."
},
{
"lang": "es",
"value": "Un desbordamiento de la pila en la funci\u00f3n Catalog::readPageLabelTree2(Object*) de XPDF v4.04 permite a los atacantes provocar una Denegaci\u00f3n de Servicio (DoS) a trav\u00e9s de un archivo PDF manipulado."
}
],
"id": "CVE-2022-43071",
"lastModified": "2024-11-21T07:25:53.337",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-15T17:15:11.307",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42349\u0026p=43959#p43959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42349\u0026p=43959#p43959"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-03 00:29
Modified
2024-11-21 03:52
Severity ?
Summary
XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/TeamSeri0us/pocs/tree/master/xpdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TeamSeri0us/pocs/tree/master/xpdf | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453."
},
{
"lang": "es",
"value": "XRef::fetch en XRef.cc en Xpdf 4.00 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (DoS) mediante un archivo pdf manipulado, relacionado con AcroForm::scanField. Esto queda demostrado con pdftohtml."
}
],
"id": "CVE-2018-16369",
"lastModified": "2024-11-21T03:52:37.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-03T00:29:00.370",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-27 21:15
Modified
2024-11-21 08:17
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.04:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB8219E-FA52-45B5-A332-CE34400630BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Xpdf 4.04 will deadlock on a PDF object stream whose \"Length\" field is itself in another object stream.\n\n"
}
],
"id": "CVE-2023-3436",
"lastModified": "2024-11-21T08:17:15.853",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-27T21:15:16.047",
"references": [
{
"source": "xpdf@xpdfreader.com",
"tags": [
"Issue Tracking"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42618"
}
],
"sourceIdentifier": "xpdf@xpdfreader.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-833"
}
],
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-667"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-14 03:29
Modified
2024-11-21 04:13
Severity ?
Summary
The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
},
{
"lang": "es",
"value": "La funci\u00f3n JJBIG2MMRDecoder::getBlackCode en JBIG2Stream.cc en xpdf 4.00 permite que atacantes provoquen una denegaci\u00f3n de servicio (sobrelectura de b\u00fafer y cierre inesperado de la aplicaci\u00f3n) mediante un archivo pdf en concreto, tal y como demuestra pdftohtml."
}
],
"id": "CVE-2018-8102",
"lastModified": "2024-11-21T04:13:15.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-14T03:29:00.297",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-21 13:15
Modified
2024-11-21 07:17
Severity ?
Summary
XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42325&sid=7b08ba9a518a99ce3c5ff40e53fc6421 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42325&sid=7b08ba9a518a99ce3c5ff40e53fc6421 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.04:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB8219E-FA52-45B5-A332-CE34400630BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393."
},
{
"lang": "es",
"value": "XPDF versi\u00f3n 4.04, es vulnerable a una Desreferencia de Puntero Null en el archivo FoFiType1C.cc:2393"
}
],
"id": "CVE-2022-38928",
"lastModified": "2024-11-21T07:17:15.873",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-21T13:15:09.403",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42325\u0026sid=7b08ba9a518a99ce3c5ff40e53fc6421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42325\u0026sid=7b08ba9a518a99ce3c5ff40e53fc6421"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-14 03:29
Modified
2024-11-21 04:13
Severity ?
Summary
The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
},
{
"lang": "es",
"value": "La funci\u00f3n JBIG2Stream::readGenericBitmap en JBIG2Stream.cc en xpdf 4.00 permite que atacantes provoquen una denegaci\u00f3n de servicio (sobrelectura de b\u00fafer basada en memoria din\u00e1mica o heap y cierre inesperado de la aplicaci\u00f3n) mediante un archivo pdf en concreto, tal y como demuestra pdftohtml."
}
],
"id": "CVE-2018-8103",
"lastModified": "2024-11-21T04:13:16.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-14T03:29:00.360",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-25 00:29
Modified
2024-11-21 04:18
Severity ?
Summary
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "96333494-EAB9-428C-B937-07687E4BBC6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Xpdf 4.01.01. Hay una excepci\u00f3n de punto flotante en la funci\u00f3n ImageStream::ImageStream en Stream.cc para nBits."
}
],
"id": "CVE-2019-10025",
"lastModified": "2024-11-21T04:18:14.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-25T00:29:05.807",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-25 00:29
Modified
2024-11-21 04:18
Severity ?
Summary
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "96333494-EAB9-428C-B937-07687E4BBC6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Xpdf 4.01.01. Hay una excepci\u00f3n de punto flotante en la funci\u00f3n PostScriptFunction::exec en Function.cc para el caso psOpMod."
}
],
"id": "CVE-2019-10023",
"lastModified": "2024-11-21T04:18:14.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-25T00:29:05.730",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41276"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4042-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-06 20:15
Modified
2025-01-29 16:12
Severity ?
2.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20E42312-53C6-4D3F-963D-06CD49603AF3",
"versionEndIncluding": "4.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow."
},
{
"lang": "es",
"value": "En Xpdf 4.05 (y versiones anteriores), un bucle de objeto PDF en los recursos PDF provoca una recursividad infinita y un desbordamiento de pila."
}
],
"id": "CVE-2024-4568",
"lastModified": "2025-01-29T16:12:47.597",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 1.4,
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-06T20:15:12.203",
"references": [
{
"source": "xpdf@xpdfreader.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.xpdfreader.com/security-bug/object-loops.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.xpdfreader.com/security-bug/object-loops.html"
}
],
"sourceIdentifier": "xpdf@xpdfreader.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-25 00:29
Modified
2024-11-21 04:18
Severity ?
Summary
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "96333494-EAB9-428C-B937-07687E4BBC6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Xpdf 4.01.01. Hay una excepci\u00f3n de punto flotante en la funci\u00f3n Splash::scaleImageYuXu en Splash.cc para los par\u00e1metros y Bresenham."
}
],
"id": "CVE-2019-10024",
"lastModified": "2024-11-21T04:18:14.743",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-25T00:29:05.760",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-21 16:01
Modified
2024-11-21 04:52
Severity ?
Summary
There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41265 | Vendor Advisory | |
| cve@mitre.org | https://research.loginsoft.com/bugs/invalid-memory-access-in-textpagefindgaps-xpdf-4-01/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41265 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://research.loginsoft.com/bugs/invalid-memory-access-in-textpagefindgaps-xpdf-4-01/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D870CF04-FFAD-40F0-AD80-8888B8FC22DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de acceso inv\u00e1lido a la memoria en la funci\u00f3n TextPage::findGaps(), ubicada en TextOutputDev.c en Xpdf 4.01, que puede (por ejemplo) desencadenarse mediante el env\u00edo de un archivo pdf manipulado al binario pdftops. Permite que un atacante provoque una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) o, posiblemente, otro impacto sin especificar."
}
],
"id": "CVE-2019-9877",
"lastModified": "2024-11-21T04:52:29.453",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-21T16:01:17.530",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41265"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-textpagefindgaps-xpdf-4-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-textpagefindgaps-xpdf-4-01/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-03 18:15
Modified
2024-11-21 06:13
Severity ?
Summary
Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42160 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42160 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.03 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.03:*:*:*:*:*:*:*",
"matchCriteriaId": "67869B50-18C4-4F9D-8567-FBF97E4EFE10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command."
}
],
"id": "CVE-2021-36493",
"lastModified": "2024-11-21T06:13:46.493",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-03T18:15:10.263",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42160"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-14 03:29
Modified
2024-11-21 04:13
Severity ?
Summary
The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
},
{
"lang": "es",
"value": "La funci\u00f3n JPXStream::readTilePartData en JPXStream.cc en xpdf 4.00 permite que atacantes provoquen una denegaci\u00f3n de servicio (sobrelectura de b\u00fafer basada en memoria din\u00e1mica o heap y cierre inesperado de la aplicaci\u00f3n) mediante un archivo pdf en concreto, tal y como demuestra pdftohtml."
}
],
"id": "CVE-2018-8106",
"lastModified": "2024-11-21T04:13:16.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-14T03:29:00.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-14 21:15
Modified
2024-11-21 07:26
Severity ?
Summary
XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?t=42360 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?t=42360 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.04:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB8219E-FA52-45B5-A332-CE34400630BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que XPDF v4.04 conten\u00eda un desbordamiento de memoria mediante la funci\u00f3n FileStream::copy() en xpdf/Stream.cc:795."
}
],
"id": "CVE-2022-43295",
"lastModified": "2024-11-21T07:26:13.960",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-14T21:15:21.127",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42360"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-09 21:15
Modified
2024-11-21 01:38
Severity ?
Summary
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | * | |
| xpdfreader | xpdf | 3.02 | |
| redhat | enterprise_linux | 5.0 | |
| redhat | enterprise_linux | 6.0 | |
| opensuse | opensuse | 12.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEAC1B59-DA71-4416-A223-790E25848186",
"versionEndExcluding": "0.21.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:3.02:*:*:*:*:*:*:*",
"matchCriteriaId": "14CC22C3-4195-4207-AAA4-E72F22334517",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator."
},
{
"lang": "es",
"value": "La funci\u00f3n error en el archivo Error.cc en poppler versiones anteriores a 0.21.4, permite a atacantes remotos ejecutar comandos arbitrarios por medio de un PDF que contiene una secuencia de escape para un emulador terminal."
}
],
"id": "CVE-2012-2142",
"lastModified": "2024-11-21T01:38:35.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-09T21:15:10.967",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/NEWS?id=2bc48d5369f1dbecfc4db2878f33bdeb80d8d90f"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00049.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/09/5"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/09/6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=789936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/NEWS?id=2bc48d5369f1dbecfc4db2878f33bdeb80d8d90f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00049.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/09/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/09/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=789936"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-18 06:29
Modified
2024-11-21 03:55
Severity ?
Summary
The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 | Third Party Advisory | |
| cve@mitre.org | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm."
},
{
"lang": "es",
"value": "La clase GfxImageColorMap en GfxState.cc en Xpdf 4.00 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (sobrelectura de b\u00fafer basada en memoria din\u00e1mica o heap) mediante un archivo pdf manipulado, como ha sido demostrado por pdftoppm."
}
],
"id": "CVE-2018-18455",
"lastModified": "2024-11-21T03:55:58.177",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-18T06:29:00.400",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-30 21:15
Modified
2024-11-21 01:11
Severity ?
Summary
In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0207 | Issue Tracking, Third Party Advisory | |
| cret@cert.org | https://security-tracker.debian.org/tracker/CVE-2010-0207 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0207 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2010-0207 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 3.03-17 | |
| debian | debian_linux | 8.0 | |
| xpdfreader | xpdf | 3.04-4 | |
| debian | debian_linux | 9.0 | |
| xpdfreader | xpdf | 3.04-13 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:3.03-17:*:*:*:*:*:*:*",
"matchCriteriaId": "3BCCCEC9-8F50-4F8E-A51F-B973832C33E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:3.04-4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B60B556-E6FF-44CB-98ED-CCAEFDDA3845",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:3.04-13:*:*:*:*:*:*:*",
"matchCriteriaId": "C306DA00-63D2-4750-A690-670BDDA3CF89",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers."
},
{
"lang": "es",
"value": "En xpdf, la tabla xref contiene un bucle infinito el cual permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) en visualizadores de PDF basados ??en xpdf."
}
],
"id": "CVE-2010-0207",
"lastModified": "2024-11-21T01:11:45.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-30T21:15:11.380",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0207"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0207"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-15 18:15
Modified
2024-11-21 07:29
Severity ?
Summary
Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?t=42361 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?t=42361 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.04:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB8219E-FA52-45B5-A332-CE34400630BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service."
}
],
"id": "CVE-2022-45587",
"lastModified": "2024-11-21T07:29:27.807",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-15T18:15:11.443",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42361"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-11-05 18:00
Modified
2024-11-21 01:19
Severity ?
Summary
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | cups | * | |
| freedesktop | poppler | * | |
| xpdfreader | xpdf | * | |
| xpdfreader | xpdf | 3.02 | |
| xpdfreader | xpdf | 3.02 | |
| xpdfreader | xpdf | 3.02 | |
| xpdfreader | xpdf | 3.02 | |
| xpdfreader | xpdf | 3.02 | |
| fedoraproject | fedora | 12 | |
| fedoraproject | fedora | 13 | |
| fedoraproject | fedora | 14 | |
| opensuse | opensuse | 11.1 | |
| opensuse | opensuse | 11.2 | |
| opensuse | opensuse | 11.3 | |
| suse | linux_enterprise_server | 9 | |
| suse | linux_enterprise_server | 10 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 11 | |
| debian | debian_linux | 5.0 | |
| debian | debian_linux | 6.0 | |
| redhat | enterprise_linux_desktop | 5.0 | |
| redhat | enterprise_linux_server | 5.0 | |
| redhat | enterprise_linux_workstation | 5.0 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 8.04 | |
| canonical | ubuntu_linux | 9.04 | |
| canonical | ubuntu_linux | 9.10 | |
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 10.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08916364-08F4-4416-B84E-2BDD2DC0A3EB",
"versionEndIncluding": "1.3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0432A227-B3A9-4672-B661-96C3F2F47764",
"versionEndIncluding": "0.15.1",
"versionStartIncluding": "0.8.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8444F877-A312-4E37-9754-60CC7DE24CA2",
"versionEndIncluding": "3.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:3.02:-:*:*:*:*:*:*",
"matchCriteriaId": "AA082A3C-AF4F-4436-BE42-C38D88A5154F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:3.02:pl1:*:*:*:*:*:*",
"matchCriteriaId": "0509A882-65AF-41CA-AE90-CD59B8779354",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:3.02:pl2:*:*:*:*:*:*",
"matchCriteriaId": "7B92D9ED-E5B3-420E-BBDB-C84518807F1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:3.02:pl3:*:*:*:*:*:*",
"matchCriteriaId": "C892F205-4326-455E-8563-02971A93E3EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:3.02:pl4:*:*:*:*:*:*",
"matchCriteriaId": "27F45309-0915-497C-BFAE-D9CA6A5D8C15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*",
"matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*",
"matchCriteriaId": "BDE52846-24EC-4068-B788-EC7F915FFF11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*",
"matchCriteriaId": "79A35457-EAA3-4BF9-A4DA-B2E414A75A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*",
"matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
"matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
"matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference."
},
{
"lang": "es",
"value": "La funci\u00f3n Gfx::getPos en el analizador PDF en Xpdf versi\u00f3n anterior a 3.02 PL5, Poppler versi\u00f3n 0.8.7 y posiblemente otras versiones hasta la 0.15.1, CUPS, kdegraphics, y posiblemente otros productos permite que los atacantes dependiendo del contexto generen una denegaci\u00f3n de servicio (bloqueo) por medio de vectores desconocidos que desencadenan una desreferencia de puntero no inicializada."
}
],
"id": "CVE-2010-3702",
"lastModified": "2024-11-21T01:19:25.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-11-05T18:00:05.017",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42141"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42357"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42397"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42691"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43079"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.571720"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2010/dsa-2119"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2010/dsa-2135"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:228"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:229"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:230"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/04/6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0749.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0750.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0751.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0752.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0753.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0754.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0755.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0859.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/43845"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1005-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2897"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3097"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0230"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=595245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.571720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2010/dsa-2119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2010/dsa-2135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/04/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0749.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0750.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0751.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0752.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0753.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0754.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0755.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0859.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/43845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1005-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=595245"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-17 19:15
Modified
2025-01-29 16:16
Severity ?
2.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20E42312-53C6-4D3F-963D-06CD49603AF3",
"versionEndIncluding": "4.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText.\n"
},
{
"lang": "es",
"value": "Escritura de matriz fuera de los l\u00edmites en Xpdf 4.05 y versiones anteriores, provocada por una secuencia Unicode larga en ActualText."
}
],
"id": "CVE-2024-3900",
"lastModified": "2025-01-29T16:16:54.577",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 1.4,
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-17T19:15:08.347",
"references": [
{
"source": "xpdf@xpdfreader.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.xpdfreader.com/security-bug/CVE-2024-3900.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.xpdfreader.com/security-bug/CVE-2024-3900.html"
}
],
"sourceIdentifier": "xpdf@xpdfreader.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-30 05:15
Modified
2024-11-21 07:23
Severity ?
Summary
An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.xpdfreader.com/download.html | Patch, Vendor Advisory | |
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=1&t=42340&p=43928&hilit=gfseek#p43928 | Exploit, Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42308&p=43844&hilit=XRef%3A%3Afetch#p43844 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.xpdfreader.com/download.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=1&t=42340&p=43928&hilit=gfseek#p43928 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42308&p=43844&hilit=XRef%3A%3Afetch#p43844 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.04:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB8219E-FA52-45B5-A332-CE34400630BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088."
},
{
"lang": "es",
"value": "Se ha detectado un problema en versi\u00f3n Xpdf versi\u00f3n 4.04. Se presenta un fallo en la funci\u00f3n XRef::fetch(int, int, Object*, int) en el archivo xpdf/XRef.cc, una vulnerabilidad diferente a CVE-2018-16369 y CVE-2019-16088"
}
],
"id": "CVE-2022-41844",
"lastModified": "2024-11-21T07:23:55.477",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-30T05:15:11.703",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.xpdfreader.com/download.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=1\u0026t=42340\u0026p=43928\u0026hilit=gfseek#p43928"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42308\u0026p=43844\u0026hilit=XRef%3A%3Afetch#p43844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.xpdfreader.com/download.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=1\u0026t=42340\u0026p=43928\u0026hilit=gfseek#p43928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42308\u0026p=43844\u0026hilit=XRef%3A%3Afetch#p43844"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-18 06:29
Modified
2024-11-21 03:55
Severity ?
Summary
The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 | Third Party Advisory | |
| cve@mitre.org | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm."
},
{
"lang": "es",
"value": "La funci\u00f3n DCTStream::decodeImage en Stream.cc en Xpdf 4.00 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (desreferencia de puntero NULL) mediante un archivo pdf manipulado, como ha sido demostrado por pdftoppm."
}
],
"id": "CVE-2018-18458",
"lastModified": "2024-11-21T03:55:58.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-18T06:29:00.790",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-15 20:15
Modified
2024-08-28 21:59
Severity ?
Summary
In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| xpdf@xpdfreader.com | https://www.xpdfreader.com/security-bug/CVE-2024-7867.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20E42312-53C6-4D3F-963D-06CD49603AF3",
"versionEndIncluding": "4.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero."
},
{
"lang": "es",
"value": " En Xpdf 4.05 (y versiones anteriores), las coordenadas muy grandes en un cuadro de p\u00e1gina pueden provocar un desbordamiento de enteros y una divisi\u00f3n por cero."
}
],
"id": "CVE-2024-7867",
"lastModified": "2024-08-28T21:59:33.973",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"automatable": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityRequirements": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"subsequentSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"vulnerableSystemAvailability": "LOW",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE"
},
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
}
]
},
"published": "2024-08-15T20:15:18.967",
"references": [
{
"source": "xpdf@xpdfreader.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.xpdfreader.com/security-bug/CVE-2024-7867.html"
}
],
"sourceIdentifier": "xpdf@xpdfreader.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
},
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
},
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-14 00:29
Modified
2024-11-21 03:42
Severity ?
Summary
The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=40842 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=40842 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data."
},
{
"lang": "es",
"value": "La funci\u00f3n DCTStream::readHuffSym en Stream.cc en el decodificador DCT en xpdf en versiones anteriores a la 4.00 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (cierre inesperado de la aplicaci\u00f3n) o, posiblemente, cualquier otro tipo de problema mediante datos JPEG manipulados."
}
],
"id": "CVE-2018-11033",
"lastModified": "2024-11-21T03:42:31.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-14T00:29:00.333",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=40842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=40842"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-24 06:29
Modified
2024-11-21 04:12
Severity ?
Summary
A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=613 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=613 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml."
},
{
"lang": "es",
"value": "Una desreferencia de puntero NULL en XFAForm::scanFields en XFAForm.cc en xpdf 4.00 permite que atacantes inicien una denegaci\u00f3n de servicio (DoS) mediante un archivo pdf espec\u00edfico, tal y como demuestra pdftohtml."
}
],
"id": "CVE-2018-7454",
"lastModified": "2024-11-21T04:12:09.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-24T06:29:00.507",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=613"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-03 23:15
Modified
2024-11-21 05:16
Severity ?
Summary
There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42028 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42028 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4A08C08-5321-4B5B-ACD5-7FA191DCF3E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact."
},
{
"lang": "es",
"value": "Se presenta un acceso a la memoria no v\u00e1lido en la funci\u00f3n TextString::~TextString() ubicada en el archivo Catalog.cc en Xpdf versi\u00f3n 4.0.2. Puede ser activado (por ejemplo) mediante el env\u00edo de un archivo PDF dise\u00f1ado hacia el binario pdftohtml, que puede permitir a un atacante remoto causar una Denegaci\u00f3n de Servicio (falla de Segmentaci\u00f3n) o posiblemente tener otro impacto no especificado"
}
],
"id": "CVE-2020-24996",
"lastModified": "2024-11-21T05:16:25.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-03T23:15:09.760",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42028"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-11 21:15
Modified
2025-01-24 16:15
Severity ?
2.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C549C6C1-16A2-4372-976B-95334DB1EABA",
"versionEndIncluding": "4.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\u00a0In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow.\n\n\n"
}
],
"id": "CVE-2023-2663",
"lastModified": "2025-01-24T16:15:31.577",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 1.4,
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-11T21:15:10.043",
"references": [
{
"source": "xpdf@xpdfreader.com",
"tags": [
"Exploit"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42421"
}
],
"sourceIdentifier": "xpdf@xpdfreader.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-18 06:29
Modified
2024-11-21 03:55
Severity ?
Summary
The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 | Third Party Advisory | |
| cve@mitre.org | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm."
},
{
"lang": "es",
"value": "La funci\u00f3n Object::isName() en Object.h (llamado desde Gfx::opSetFillColorN) en Xpdf 4.00 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (sobrelectura de b\u00fafer basada en pila) mediante un archivo pdf manipulado, como ha sido demostrado por pdftoppm."
}
],
"id": "CVE-2018-18456",
"lastModified": "2024-11-21T03:55:58.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-18T06:29:00.527",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-15 21:15
Modified
2025-01-29 16:11
Severity ?
Summary
Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20E42312-53C6-4D3F-963D-06CD49603AF3",
"versionEndIncluding": "4.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference."
},
{
"lang": "es",
"value": "Escritura de matriz fuera de los l\u00edmites en Xpdf 4.05 y versiones anteriores, debido a que falta la verificaci\u00f3n del tipo de objeto en la referencia del campo AcroForm."
}
],
"id": "CVE-2024-4976",
"lastModified": "2025-01-29T16:11:00.080",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"automatable": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityRequirements": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"subsequentSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"vulnerableSystemAvailability": "LOW",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE"
},
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
}
]
},
"published": "2024-05-15T21:15:09.560",
"references": [
{
"source": "xpdf@xpdfreader.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.xpdfreader.com/security-bug/CVE-2024-4976.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.xpdfreader.com/security-bug/CVE-2024-4976.html"
}
],
"sourceIdentifier": "xpdf@xpdfreader.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-15 21:29
Modified
2024-11-21 04:11
Severity ?
Summary
An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=613 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=613 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en xpdf 4.00. Una desreferencia de puntero NULL en readCodestream permite que un atacante provoque una denegaci\u00f3n de servicio (DoS) mediante una imagen JPX con cero componentes."
}
],
"id": "CVE-2018-7175",
"lastModified": "2024-11-21T04:11:43.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-15T21:29:00.667",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=613"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-25 13:29
Modified
2024-11-21 03:56
Severity ?
Summary
An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41219&p=41747#p41747 | Exploit, Third Party Advisory | |
| nvd@nist.gov | https://exchange.xforce.ibmcloud.com/vulnerabilities/152005 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41219&p=41747#p41747 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.00. catalog-\u003egetNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Xpdf 4.00. catalog-\u003egetNumPages() en AcroForm.cc permite que los atacantes provoquen una denegaci\u00f3n de servicio (bloqueo provocado por un gran bucle) mediante un archivo PDF espec\u00edfico, tal y como queda demostrado con pdftohtml. Esto es provocado principalmente por un n\u00famero grande tras el campo /Count en el archivo."
}
],
"id": "CVE-2018-18651",
"lastModified": "2024-11-21T03:56:18.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-25T13:29:00.347",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41219\u0026p=41747#p41747"
},
{
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41219\u0026p=41747#p41747"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-834"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-15 21:29
Modified
2024-11-21 04:11
Severity ?
Summary
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=607 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=607 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding."
},
{
"lang": "es",
"value": "Un gran bucle en JBIG2Stream::readSymbolDictSeg en xpdf 4.00 permite que un atacante provoque una denegaci\u00f3n de servicio (DoS) mediante un archivo espec\u00edfico debido a un descifrado inapropiado."
}
],
"id": "CVE-2018-7173",
"lastModified": "2024-11-21T04:11:43.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-15T21:29:00.557",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=607"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-172"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-21 06:15
Modified
2024-11-21 05:18
Severity ?
5.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.02 | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.02:*:*:*:*:*:*:*",
"matchCriteriaId": "405F7593-5AB5-416A-A64D-846B3D9F5A94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack-\u003ecache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn\u0027t correctly handling the case where a Type 3 char referred to another char in the same Type 3 font."
},
{
"lang": "es",
"value": "En Xpdf versi\u00f3n 4.02, la funci\u00f3n SplashOutputDev::endType3Char(GfxState *state) en el archivo SplashOutputDev.cc:3079, est\u00e1 tratando de usar \"t3GlyphStack-)cache\", el liberado, lo que causa un problema de \"heap-use-after-free\".\u0026#xa0;Los c\u00f3digos de una soluci\u00f3n anterior para caracteres Type 3 anidados no manejaban correctamente el caso en el que un car\u00e1cter Type 3 referenciada a otro car\u00e1cter en la misma fuente Type 3"
}
],
"id": "CVE-2020-25725",
"lastModified": "2024-11-21T05:18:35.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-21T06:15:12.240",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25725"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41915"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZUU5QG6SSVRTKZTR3A72LDRVZETEI63/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLOYVJSM54IL6I5RY4QTJGRS7PIEG44X/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZUU5QG6SSVRTKZTR3A72LDRVZETEI63/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLOYVJSM54IL6I5RY4QTJGRS7PIEG44X/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-14 03:29
Modified
2024-11-21 04:13
Severity ?
Summary
The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml."
},
{
"lang": "es",
"value": "La funci\u00f3n JPXStream::readTilePart en JPXStream.cc en xpdf 4.00 permite que atacantes provoquen una denegaci\u00f3n de servicio (desbordamiento de b\u00fafer basado en memoria din\u00e1mica o heap y cierre inesperado de la aplicaci\u00f3n) o, probablemente, provocar cualquier otro tipo de impacto mediante un archivo pdf en concreto, tal y como demuestra pdftohtml."
}
],
"id": "CVE-2018-8100",
"lastModified": "2024-11-21T04:13:15.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-14T03:29:00.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-28 17:15
Modified
2024-11-21 07:07
Severity ?
Summary
XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42284 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42286 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42287 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42284 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42286 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42287 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.04:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB8219E-FA52-45B5-A332-CE34400630BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files."
},
{
"lang": "es",
"value": "Se ha detectado que XPDF versi\u00f3n v4.04, contiene una vulnerabilidad de desbordamiento de pila por medio de la clase Object::Copy de los archivos object.cc"
}
],
"id": "CVE-2022-33108",
"lastModified": "2024-11-21T07:07:33.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-28T17:15:08.283",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42284"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42286"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42286"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42287"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-26 19:15
Modified
2024-11-21 07:52
Severity ?
Summary
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.”
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.04:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB8219E-FA52-45B5-A332-CE34400630BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states \u201cit\u0027s an expected abort on out-of-memory error.\u201d"
}
],
"id": "CVE-2023-26930",
"lastModified": "2024-11-21T07:52:04.953",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-26T19:15:08.783",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/huanglei3/10e2a9bd07a109995b20ade306612a34"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://github.com/huanglei3/xpdf_aborted"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/huanglei3/10e2a9bd07a109995b20ade306612a34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://github.com/huanglei3/xpdf_aborted"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-02 23:15
Modified
2025-01-29 16:18
Severity ?
2.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| xpdf@xpdfreader.com | https://forum.xpdfreader.com/viewtopic.php?t=43657 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?t=43657 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20E42312-53C6-4D3F-963D-06CD49603AF3",
"versionEndIncluding": "4.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow.\n"
},
{
"lang": "es",
"value": "En Xpdf 4.05 (y versiones anteriores), un bucle de objeto PDF en los archivos adjuntos provoca una recursividad infinita y un desbordamiento de la pila."
}
],
"id": "CVE-2024-3248",
"lastModified": "2025-01-29T16:18:20.637",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 1.4,
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-02T23:15:55.493",
"references": [
{
"source": "xpdf@xpdfreader.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=43657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=43657"
}
],
"sourceIdentifier": "xpdf@xpdfreader.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-25 00:29
Modified
2024-11-21 04:18
Severity ?
Summary
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "96333494-EAB9-428C-B937-07687E4BBC6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Xpdf 4.01.01. Hay una excepci\u00f3n de punto flotante en la funci\u00f3n Splash::scaleImageYuXu en Splash.cc para los par\u00e1metros x Bresenham."
}
],
"id": "CVE-2019-10020",
"lastModified": "2024-11-21T04:18:14.183",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-25T00:29:05.620",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-24 19:15
Modified
2025-01-29 16:13
Severity ?
2.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20E42312-53C6-4D3F-963D-06CD49603AF3",
"versionEndIncluding": "4.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers.\n"
},
{
"lang": "es",
"value": "Escritura de matriz fuera de los l\u00edmites en Xpdf 4.05 y versiones anteriores, provocada por un c\u00f3digo de car\u00e1cter no v\u00e1lido en una fuente Tipo 1. La ra\u00edz del problema era una verificaci\u00f3n de los l\u00edmites que los compiladores modernos estaban optimizando."
}
],
"id": "CVE-2024-4141",
"lastModified": "2025-01-29T16:13:50.470",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 1.4,
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-24T19:15:47.953",
"references": [
{
"source": "xpdf@xpdfreader.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.xpdfreader.com/security-bug/CVE-2024-4141.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.xpdfreader.com/security-bug/CVE-2024-4141.html"
}
],
"sourceIdentifier": "xpdf@xpdfreader.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-15 21:15
Modified
2024-11-21 07:16
Severity ?
Summary
XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42122 | Exploit, Vendor Advisory | |
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42314&p=43872 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42122 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42314&p=43872 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C549C6C1-16A2-4372-976B-95334DB1EABA",
"versionEndIncluding": "4.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc."
},
{
"lang": "es",
"value": "Se ha descubierto que XPDF v4.04 y anteriores contienen un desbordamiento de pila a trav\u00e9s de la funci\u00f3n Catalog::countPageTree() en Catalog.cc"
}
],
"id": "CVE-2022-38334",
"lastModified": "2024-11-21T07:16:16.843",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-15T21:15:09.423",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42122"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42314\u0026p=43872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42314\u0026p=43872"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-25 13:15
Modified
2024-11-21 06:55
Severity ?
Summary
xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42232 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/verf1sh/Poc/blob/master/pic_ppm.png | Third Party Advisory | |
| cve@mitre.org | https://github.com/verf1sh/Poc/blob/master/poc_ppm | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42232 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/verf1sh/Poc/blob/master/pic_ppm.png | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/verf1sh/Poc/blob/master/poc_ppm | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.03 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.03:*:*:*:*:*:*:*",
"matchCriteriaId": "67869B50-18C4-4F9D-8567-FBF97E4EFE10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary."
},
{
"lang": "es",
"value": "xpdf versi\u00f3n 4.03, presenta un desbordamiento del b\u00fafer de la pila en la funci\u00f3n readXRefTable ubicada en el archivo XRef.cc. Un atacante puede explotar este bug para causar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) u otros efectos no especificados mediante el env\u00edo de un archivo PDF dise\u00f1ado al binario pdftoppm"
}
],
"id": "CVE-2022-27135",
"lastModified": "2024-11-21T06:55:13.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-25T13:15:49.427",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42232"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/verf1sh/Poc/blob/master/pic_ppm.png"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/verf1sh/Poc/blob/master/poc_ppm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/verf1sh/Poc/blob/master/pic_ppm.png"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/verf1sh/Poc/blob/master/poc_ppm"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-22 19:16
Modified
2024-11-21 07:33
Severity ?
Summary
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42092 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42092 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.02 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.02:*:*:*:*:*:*:*",
"matchCriteriaId": "405F7593-5AB5-416A-A64D-846B3D9F5A94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02."
}
],
"id": "CVE-2022-48545",
"lastModified": "2024-11-21T07:33:30.097",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-22T19:16:31.553",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42092"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-24 06:29
Modified
2024-11-21 04:12
Severity ?
Summary
A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=613 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=613 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml."
},
{
"lang": "es",
"value": "Una desreferencia de puntero NULL en JPXStream::fillReadBuf en PXStream.cc en xpdf 4.00 permite que atacantes inicien una denegaci\u00f3n de servicio (DoS) mediante un archivo pdf espec\u00edfico, tal y como demuestra pdftohtml."
}
],
"id": "CVE-2018-7452",
"lastModified": "2024-11-21T04:12:09.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-24T06:29:00.380",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=613"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-14 03:29
Modified
2024-11-21 04:13
Severity ?
Summary
The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
},
{
"lang": "es",
"value": "La funci\u00f3n JPXStream::close en JPXStream.cc en xpdf 4.00 permite que atacantes provoquen una denegaci\u00f3n de servicio (sobrelectura de b\u00fafer basada en memoria din\u00e1mica o heap y cierre inesperado de la aplicaci\u00f3n) mediante un archivo pdf en concreto, tal y como demuestra pdftohtml."
}
],
"id": "CVE-2018-8107",
"lastModified": "2024-11-21T04:13:16.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-14T03:29:00.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-14 03:29
Modified
2024-11-21 04:13
Severity ?
Summary
The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
},
{
"lang": "es",
"value": "La funci\u00f3n JPXStream::inverseTransformLevel en JPXStream.cc en xpdf 4.00 permite que atacantes provoquen una denegaci\u00f3n de servicio (sobrelectura de b\u00fafer basada en memoria din\u00e1mica o heap y cierre inesperado de la aplicaci\u00f3n) mediante un archivo pdf en concreto, tal y como demuestra pdftohtml."
}
],
"id": "CVE-2018-8101",
"lastModified": "2024-11-21T04:13:15.793",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-14T03:29:00.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-02 23:15
Modified
2024-11-21 08:16
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code.
This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| xpdf@xpdfreader.com | https://github.com/baker221/poc-xpdf | Exploit, Third Party Advisory | |
| xpdf@xpdfreader.com | https://www.xpdfreader.com/security-bug/CVE-2023-3044.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/baker221/poc-xpdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.xpdfreader.com/security-bug/CVE-2023-3044.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70492207-C977-44E7-BA29-17CAC6333E30",
"versionEndExcluding": "4.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf\u0027s text extraction code.\n\n\n\n\nThis is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.\n\n\n"
}
],
"id": "CVE-2023-3044",
"lastModified": "2024-11-21T08:16:18.800",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-02T23:15:09.580",
"references": [
{
"source": "xpdf@xpdfreader.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/baker221/poc-xpdf"
},
{
"source": "xpdf@xpdfreader.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.xpdfreader.com/security-bug/CVE-2023-3044.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/baker221/poc-xpdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.xpdfreader.com/security-bug/CVE-2023-3044.html"
}
],
"sourceIdentifier": "xpdf@xpdfreader.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-25 00:29
Modified
2024-11-21 04:18
Severity ?
Summary
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276 | Exploit, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/4042-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4042-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.01.01 | |
| debian | debian_linux | 9.0 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
| canonical | ubuntu_linux | 19.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "96333494-EAB9-428C-B937-07687E4BBC6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Xpdf 4.01.01. Hay una excepci\u00f3n de punto flotante en la funci\u00f3n PostScriptFunction::exec en Function.cc para el caso psOpIdiv."
}
],
"id": "CVE-2019-10018",
"lastModified": "2024-11-21T04:18:13.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-25T00:29:05.543",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41276"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4042-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-21 16:01
Modified
2024-11-21 04:52
Severity ?
Summary
There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/kermitt2/pdfalto/issues/46 | Third Party Advisory | |
| cve@mitre.org | https://research.loginsoft.com/bugs/invalid-memory-access-in-gfxindexedcolorspacemapcolortobase-pdfalto-0-2/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kermitt2/pdfalto/issues/46 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://research.loginsoft.com/bugs/invalid-memory-access-in-gfxindexedcolorspacemapcolortobase-pdfalto-0-2/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pdfalto_project | pdfalto | 0.2 | |
| xpdfreader | xpdf | 4.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pdfalto_project:pdfalto:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3A5C3FA2-BD27-447F-B3E7-F3D7F48B4C04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABAE5F58-1321-4A0C-9022-864EA0759909",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
},
{
"lang": "es",
"value": "Hay un acceso inv\u00e1lido a la memoria en la funci\u00f3n GfxIndexedColorSpace::mapColorToBase(), ubicada en GfxState.cc en Xpdf 4.0.0, tal y como se emplea en pdfalto 0.2. Esto puede desencadenarse, por ejemplo, mediante el env\u00edo de un archivo pdf manipulado al binario pdftops. Permite que un atacante provoque una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) o, posiblemente, otro impacto sin especificar."
}
],
"id": "CVE-2019-9878",
"lastModified": "2024-11-21T04:52:29.583",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-21T16:01:17.593",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kermitt2/pdfalto/issues/46"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-gfxindexedcolorspacemapcolortobase-pdfalto-0-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kermitt2/pdfalto/issues/46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-gfxindexedcolorspacemapcolortobase-pdfalto-0-2/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-30 05:15
Modified
2024-11-21 07:23
Severity ?
Summary
An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.04:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB8219E-FA52-45B5-A332-CE34400630BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Xpdf versi\u00f3n 4.04. Se presenta un fallo en la funci\u00f3n convertToType0 en el archivo fofi/FoFiType1C.cc, una vulnerabilidad diferente a CVE-2022-38928"
}
],
"id": "CVE-2022-41843",
"lastModified": "2024-11-21T07:23:55.327",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-30T05:15:11.590",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=1\u0026t=42344"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42325\u0026sid=7b08ba9a518a99ce3c5ff40e53fc6421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=1\u0026t=42344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42325\u0026sid=7b08ba9a518a99ce3c5ff40e53fc6421"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-18 06:29
Modified
2024-11-21 03:55
Severity ?
Summary
CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 | Third Party Advisory | |
| cve@mitre.org | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm."
},
{
"lang": "es",
"value": "CCITTFaxStream::readRow() en Stream.cc en Xpdf 4.00 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (sobrelectura de b\u00fafer basada en memoria din\u00e1mica o heap) mediante un archivo pdf manipulado, como ha sido demostrado por pdftoppm."
}
],
"id": "CVE-2018-18454",
"lastModified": "2024-11-21T03:55:58.027",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-18T06:29:00.277",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-09 18:15
Modified
2024-11-21 07:02
Severity ?
Summary
There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42261 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42261 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3E858B-76F5-4E7F-9AC7-42D7FD9F68B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact."
},
{
"lang": "es",
"value": "Se presenta un acceso no v\u00e1lido a la memoria en la clase TextLine en el archivo TextOutputDev.cc en Xpdf versi\u00f3n 4.0.4, porque el extractor de texto maneja inapropiadamente los caracteres en coordenadas y grandes. Puede desencadenarse (por ejemplo) mediante el env\u00edo de un archivo pdf dise\u00f1ado al binario pdftotext, lo que permite a un atacante remoto causar una Denegaci\u00f3n de Servicio (fallo de segmentaci\u00f3n) o posiblemente tener otro impacto no especificado"
}
],
"id": "CVE-2022-30524",
"lastModified": "2024-11-21T07:02:52.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-09T18:15:09.343",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42261"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-25 00:29
Modified
2024-11-21 04:18
Severity ?
Summary
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "96333494-EAB9-428C-B937-07687E4BBC6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Xpdf 4.01.01. Hay una excepci\u00f3n de punto flotante en la funci\u00f3n PostScriptFunction::exec en Function.cc para el caso psOpRoll."
}
],
"id": "CVE-2019-10026",
"lastModified": "2024-11-21T04:18:15.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-25T00:29:05.840",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41276"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-24 06:29
Modified
2024-11-21 04:12
Severity ?
Summary
Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?p=814#p814 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?p=814#p814 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml."
},
{
"lang": "es",
"value": "Recursi\u00f3n infinita en AcroForm::scanField en AcroForm.cc en xpdf 4.00 permite que atacantes inicien una denegaci\u00f3n de servicio (DoS) mediante un archivo pdf espec\u00edfico debido a la falta de comprobaci\u00f3n de bucles, tal y como demuestra pdftohtml."
}
],
"id": "CVE-2018-7453",
"lastModified": "2024-11-21T04:12:09.793",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-24T06:29:00.443",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?p=814#p814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?p=814#p814"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-03 23:15
Modified
2024-11-21 05:16
Severity ?
Summary
There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42029 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42029 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4A08C08-5321-4B5B-ACD5-7FA191DCF3E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact."
},
{
"lang": "es",
"value": "Se presenta un acceso a la memoria no v\u00e1lido en la funci\u00f3n fprintf ubicada en el archivo Error.cc en Xpdf versi\u00f3n 4.0.2. Puede ser activada mediante el env\u00edo de un archivo PDF dise\u00f1ado, hacia el binario pdftohtml, que permite a un atacante remoto causar una Denegaci\u00f3n de Servicio o posiblemente tener otro impacto no especificado"
}
],
"id": "CVE-2020-24999",
"lastModified": "2024-11-21T05:16:25.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-03T23:15:09.807",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42029"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-14 03:29
Modified
2024-11-21 04:13
Severity ?
Summary
The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
},
{
"lang": "es",
"value": "La funci\u00f3n JPXStream::fillReadBuf en JPXStream.cc en xpdf 4.00 permite que atacantes provoquen una denegaci\u00f3n de servicio (sobrelectura de b\u00fafer basada en memoria din\u00e1mica o heap y cierre inesperado de la aplicaci\u00f3n) mediante un archivo pdf en concreto, tal y como demuestra pdftohtml."
}
],
"id": "CVE-2018-8105",
"lastModified": "2024-11-21T04:13:16.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-14T03:29:00.470",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-16 03:15
Modified
2024-11-21 07:03
Severity ?
Summary
xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42264 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42264 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.04:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB8219E-FA52-45B5-A332-CE34400630BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option."
},
{
"lang": "es",
"value": "xpdf versi\u00f3n 4.04, asigna un exceso de memoria cuando le es presentada una entrada dise\u00f1ada. Esto puede ser desencadenado (por ejemplo) mediante el env\u00edo de un documento PDF dise\u00f1ado al binario pdftoppm. Es m\u00e1s f\u00e1cil de reproducir con la opci\u00f3n DCMAKE_CXX_COMPILER=afl-clang-fast++"
}
],
"id": "CVE-2022-30775",
"lastModified": "2024-11-21T07:03:21.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-16T03:15:07.823",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42264"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-18 15:15
Modified
2024-11-21 05:58
Severity ?
Summary
There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42115 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42115 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.03 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.03:*:*:*:*:*:*:*",
"matchCriteriaId": "67869B50-18C4-4F9D-8567-FBF97E4EFE10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de desreferencia de puntero Null en la funci\u00f3n XFAScanner::scanNode() en el archivo XFAScanner.cc en xpdf versi\u00f3n 4.03"
}
],
"id": "CVE-2021-27548",
"lastModified": "2024-11-21T05:58:10.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-18T15:15:08.153",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42115"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-14 03:29
Modified
2024-11-21 04:13
Severity ?
Summary
The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
},
{
"lang": "es",
"value": "La funci\u00f3n BufStream::lookChar en Stream.cc en xpdf 4.00 permite que atacantes provoquen una denegaci\u00f3n de servicio (sobrelectura de b\u00fafer basada en memoria din\u00e1mica o heap y cierre inesperado de la aplicaci\u00f3n) mediante un archivo pdf en concreto, tal y como demuestra pdftohtml."
}
],
"id": "CVE-2018-8104",
"lastModified": "2024-11-21T04:13:16.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-14T03:29:00.407",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-25 00:29
Modified
2024-11-21 04:18
Severity ?
Summary
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "96333494-EAB9-428C-B937-07687E4BBC6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Xpdf 4.01.01. Hay una excepci\u00f3n de punto flotante en la funci\u00f3n PSOutputDev::checkPageSlice en PSOutputDev.cc para nStripes."
}
],
"id": "CVE-2019-10019",
"lastModified": "2024-11-21T04:18:14.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-25T00:29:05.573",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41275"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4042-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-25 00:29
Modified
2024-11-21 04:18
Severity ?
Summary
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "96333494-EAB9-428C-B937-07687E4BBC6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Xpdf 4.01.01. Hay una excepci\u00f3n de punto flotante en la funci\u00f3n ImageStream::ImageStream en Stream.cc para nComps."
}
],
"id": "CVE-2019-10021",
"lastModified": "2024-11-21T04:18:14.337",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-25T00:29:05.650",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4042-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-02 23:15
Modified
2025-01-29 16:19
Severity ?
2.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| xpdf@xpdfreader.com | https://forum.xpdfreader.com/viewtopic.php?t=43597 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?t=43597 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20E42312-53C6-4D3F-963D-06CD49603AF3",
"versionEndIncluding": "4.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow.\n"
},
{
"lang": "es",
"value": "En Xpdf 4.05 (y versiones anteriores), un bucle de un objeto PDF en una secuencia de objetos genera una recursividad infinita y un desbordamiento de la pila."
}
],
"id": "CVE-2024-3247",
"lastModified": "2025-01-29T16:19:03.877",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 1.4,
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-02T23:15:55.300",
"references": [
{
"source": "xpdf@xpdfreader.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=43597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?t=43597"
}
],
"sourceIdentifier": "xpdf@xpdfreader.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-24 19:15
Modified
2025-02-03 14:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | ipados | * | |
| apple | iphone_os | * | |
| apple | iphone_os | * | |
| apple | mac_os_x | * | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | macos | * | |
| apple | watchos | * | |
| xpdfreader | xpdf | * | |
| freedesktop | poppler | * |
{
"cisaActionDue": "2021-11-17",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Apple Multiple Products Integer Overflow Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD67B72-0B1D-46A8-A149-8149ED749FEC",
"versionEndExcluding": "14.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5998D71C-A481-4F0C-AA06-B1FF0E6664A0",
"versionEndExcluding": "12.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "478E12B4-50EB-4CB2-9C50-D8F08127FB12",
"versionEndExcluding": "14.8",
"versionStartIncluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8A73F8-3074-4B32-B9F6-343B6B1988C5",
"versionEndExcluding": "10.15.7",
"versionStartIncluding": "10.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
"matchCriteriaId": "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*",
"matchCriteriaId": "F12CC8B5-C1EB-419E-8496-B9A3864656AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
"matchCriteriaId": "F1F4BF7F-90D4-4668-B4E6-B06F4070F448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
"matchCriteriaId": "0F441A43-1669-478D-9EC8-E96882DE4F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
"matchCriteriaId": "D425C653-37A2-448C-BF2F-B684ADB08A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*",
"matchCriteriaId": "A54D63B7-B92B-47C3-B1C5-9892E5873A98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*",
"matchCriteriaId": "3456176F-9185-4EE2-A8CE-3D989D674AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F52D69C-8621-4E01-ABDE-8473A590BCB6",
"versionEndExcluding": "11.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3232C3B6-D79F-4FDB-9621-4E314798AD7D",
"versionEndExcluding": "7.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B98328A-2A47-438F-886B-1A6AF87990DF",
"versionEndExcluding": "4.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10A7D6AF-D14E-4AD5-A9B8-12337347DC09",
"versionEndExcluding": "22.09.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
},
{
"lang": "es",
"value": "Se ha solucionado un desbordamiento de enteros con una validaci\u00f3n de entrada mejorada. Este problema se soluciona en la actualizaci\u00f3n de seguridad 2021-005 Catalina, iOS 14.8 y iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. El procesamiento de un PDF malintencionado puede conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente."
}
],
"id": "CVE-2021-30860",
"lastModified": "2025-02-03T14:15:32.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2021-08-24T19:15:14.370",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/25"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/26"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/27"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/28"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/38"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/39"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/40"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/50"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202209-21"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212804"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212805"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212806"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212807"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT212824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/38"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/39"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/40"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/50"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202209-21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT212824"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-18 06:29
Modified
2024-11-21 03:55
Severity ?
Summary
The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 | Third Party Advisory | |
| cve@mitre.org | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm."
},
{
"lang": "es",
"value": "La funci\u00f3n DCTStream::readScan en Stream.cc en Xpdf 4.00 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (desreferencia de puntero NULL) mediante un archivo pdf manipulado, como ha sido demostrado por pdftoppm."
}
],
"id": "CVE-2018-18457",
"lastModified": "2024-11-21T03:55:58.473",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-18T06:29:00.667",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-25 13:29
Modified
2024-11-21 03:56
Severity ?
Summary
An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41219&p=41747#p41747 | Exploit, Third Party Advisory | |
| nvd@nist.gov | https://exchange.xforce.ibmcloud.com/vulnerabilities/152006 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41219&p=41747#p41747 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "19B28AC8-BC60-47E6-94E2-2A8541B53B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Xpdf 4.00. XRef::readXRefStream en XRef.cc permite que los atacantes lancen una denegaci\u00f3n de servicio (desbordamiento de enteros) mediante un valor /Size manipulado en un archivo pdf, tal y como queda demostrado con pdftohtml. Esto es provocado principalmente porque el programa intenta una operaci\u00f3n malloc para una gran cantidad de memoria."
}
],
"id": "CVE-2018-18650",
"lastModified": "2024-11-21T03:56:18.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-25T13:29:00.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41219\u0026p=41747#p41747"
},
{
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41219\u0026p=41747#p41747"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-15 20:15
Modified
2024-08-20 19:23
Severity ?
Summary
In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| xpdf@xpdfreader.com | https://www.xpdfreader.com/security-bug/object-loops.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20E42312-53C6-4D3F-963D-06CD49603AF3",
"versionEndIncluding": "4.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow."
},
{
"lang": "es",
"value": " En Xpdf 4.05 (y versiones anteriores), un bucle de objeto PDF en un recurso de patr\u00f3n provoca una recursividad infinita y un desbordamiento de pila."
}
],
"id": "CVE-2024-7866",
"lastModified": "2024-08-20T19:23:02.780",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"automatable": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityRequirements": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"subsequentSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"vulnerableSystemAvailability": "LOW",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE"
},
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
}
]
},
"published": "2024-08-15T20:15:18.793",
"references": [
{
"source": "xpdf@xpdfreader.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.xpdfreader.com/security-bug/object-loops.html"
}
],
"sourceIdentifier": "xpdf@xpdfreader.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "xpdf@xpdfreader.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-26 04:15
Modified
2024-11-21 05:27
Severity ?
Summary
Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.02 | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.02:*:*:*:*:*:*:*",
"matchCriteriaId": "405F7593-5AB5-416A-A64D-846B3D9F5A94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function."
},
{
"lang": "es",
"value": "Xpdf versi\u00f3n 4.02 permite un consumo de la pila debido a una referencia de subrutina incorrecta en una cadena de caracteres fuente Tipo 1C, relacionada con la funci\u00f3n FoFiType1C::getOp()"
}
],
"id": "CVE-2020-35376",
"lastModified": "2024-11-21T05:27:14.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-26T04:15:12.630",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42066"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZUU5QG6SSVRTKZTR3A72LDRVZETEI63/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLOYVJSM54IL6I5RY4QTJGRS7PIEG44X/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZUU5QG6SSVRTKZTR3A72LDRVZETEI63/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLOYVJSM54IL6I5RY4QTJGRS7PIEG44X/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-22 19:15
Modified
2024-11-21 07:15
Severity ?
Summary
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.04 | |
| freedesktop | poppler | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.04:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB8219E-FA52-45B5-A332-CE34400630BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10A7D6AF-D14E-4AD5-A9B8-12337347DC09",
"versionEndExcluding": "22.09.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics)."
},
{
"lang": "es",
"value": "Xpdf versiones anteriores a 4.04, contiene un desbordamiento de enteros en el decodificador JBIG2 (la funci\u00f3n JBIG2Stream::readSymbolDictSeg() en el archivo JBIG2Stream.cc). El procesamiento de un archivo PDF o una imagen JBIG2 especialmente dise\u00f1ados podr\u00eda conllevar a un fallo o una ejecuci\u00f3n de c\u00f3digo arbitrario. Esto es similar a la vulnerabilidad descrita por CVE-2021-30860 (Apple CoreGraphics)."
}
],
"id": "CVE-2022-38171",
"lastModified": "2024-11-21T07:15:56.110",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-22T19:15:11.060",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.xpdfreader.com/security-fixes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://dl.xpdfreader.com/xpdf-4.04.tar.gz"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/jeffssh/CVE-2021-30860"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.xpdfreader.com/security-fixes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://dl.xpdfreader.com/xpdf-4.04.tar.gz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/jeffssh/CVE-2021-30860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30860"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201011-0178
Vulnerability from variot
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. Xpdf is prone to a vulnerability due to an array-indexing error. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious PDF file with an affected application. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3703 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704
Updated Packages:
Mandriva Linux 2010.0: f8eeb85b978e98a9bfffce7ab584e9df 2010.0/i586/libpoppler5-0.12.4-1.2mdv2010.0.i586.rpm 11b9dfe9e37261bec174c25aae9d71b4 2010.0/i586/libpoppler-devel-0.12.4-1.2mdv2010.0.i586.rpm b9af206162c906094204ed13a4620318 2010.0/i586/libpoppler-glib4-0.12.4-1.2mdv2010.0.i586.rpm eea6fc72a55f119c2fe7aef2c37400f6 2010.0/i586/libpoppler-glib-devel-0.12.4-1.2mdv2010.0.i586.rpm d83f8f81d2cbb11a3a12e0654d63cd11 2010.0/i586/libpoppler-qt2-0.12.4-1.2mdv2010.0.i586.rpm 8e1f7d0278a299b55e1b213f90462610 2010.0/i586/libpoppler-qt4-3-0.12.4-1.2mdv2010.0.i586.rpm 6f1505518bb6a42bd017f4ed00ed5f3f 2010.0/i586/libpoppler-qt4-devel-0.12.4-1.2mdv2010.0.i586.rpm 6bfceb4bbb5565f829c765e15d9f84f8 2010.0/i586/libpoppler-qt-devel-0.12.4-1.2mdv2010.0.i586.rpm 69b87e12827e20261bcac5c1a9f6cc47 2010.0/i586/poppler-0.12.4-1.2mdv2010.0.i586.rpm b395b580e189eac53cec4cdce2ceaeeb 2010.0/SRPMS/poppler-0.12.4-1.2mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64: 5ac922ba77b7e24852b032cb96d66dcc 2010.0/x86_64/lib64poppler5-0.12.4-1.2mdv2010.0.x86_64.rpm a35fdb10aaaeda661082eea969c8cb10 2010.0/x86_64/lib64poppler-devel-0.12.4-1.2mdv2010.0.x86_64.rpm be4e55287976d6d9f0bc8acdd41dc371 2010.0/x86_64/lib64poppler-glib4-0.12.4-1.2mdv2010.0.x86_64.rpm 2e63d0dff69e958f0b926cf6d0026c61 2010.0/x86_64/lib64poppler-glib-devel-0.12.4-1.2mdv2010.0.x86_64.rpm b50e39d108dc2458c252fbf365e2aaff 2010.0/x86_64/lib64poppler-qt2-0.12.4-1.2mdv2010.0.x86_64.rpm 7b249ff04f794fb6a8dc8b05564143e4 2010.0/x86_64/lib64poppler-qt4-3-0.12.4-1.2mdv2010.0.x86_64.rpm 121f80f800f144eb489f0cdce287e7ef 2010.0/x86_64/lib64poppler-qt4-devel-0.12.4-1.2mdv2010.0.x86_64.rpm fb7297fbbd3758eca663813932d822fe 2010.0/x86_64/lib64poppler-qt-devel-0.12.4-1.2mdv2010.0.x86_64.rpm 5fbd9b1cbd0c18cc7f5a77ee8c9421e8 2010.0/x86_64/poppler-0.12.4-1.2mdv2010.0.x86_64.rpm b395b580e189eac53cec4cdce2ceaeeb 2010.0/SRPMS/poppler-0.12.4-1.2mdv2010.0.src.rpm
Mandriva Linux 2010.1: 039272fbf964bf0cda8ee8be3f73d7f0 2010.1/i586/libpoppler5-0.12.4-2.1mdv2010.1.i586.rpm 4b8cd7ba4fcad0fdb13d498d9659353e 2010.1/i586/libpoppler-devel-0.12.4-2.1mdv2010.1.i586.rpm 0c8ecda02ad63275628fdf7dbb886d85 2010.1/i586/libpoppler-glib4-0.12.4-2.1mdv2010.1.i586.rpm a899985446082afaf7a552a9d093fa7b 2010.1/i586/libpoppler-glib-devel-0.12.4-2.1mdv2010.1.i586.rpm 98cc33b6085f8b5a3e450814217a87fc 2010.1/i586/libpoppler-qt2-0.12.4-2.1mdv2010.1.i586.rpm aca2798c969fe7e1ae41f8fda8c767bf 2010.1/i586/libpoppler-qt4-3-0.12.4-2.1mdv2010.1.i586.rpm 766c5b85413728af84378f56647f3d6e 2010.1/i586/libpoppler-qt4-devel-0.12.4-2.1mdv2010.1.i586.rpm e1af5e2dda8be30d3ac1e009ce856588 2010.1/i586/libpoppler-qt-devel-0.12.4-2.1mdv2010.1.i586.rpm e2060c17f1f8ece622fbcf94e50205d7 2010.1/i586/poppler-0.12.4-2.1mdv2010.1.i586.rpm a3495563ca96089190aef76b6c25df4d 2010.1/SRPMS/poppler-0.12.4-2.1mdv2010.1.src.rpm
Mandriva Linux 2010.1/X86_64: 142bdd508c9c62480b467b3aa74a6eb1 2010.1/x86_64/lib64poppler5-0.12.4-2.1mdv2010.1.x86_64.rpm 423f44b8802e838afbdd9be973bee11b 2010.1/x86_64/lib64poppler-devel-0.12.4-2.1mdv2010.1.x86_64.rpm 88b25a582c2bf185196e8d68b2567bd9 2010.1/x86_64/lib64poppler-glib4-0.12.4-2.1mdv2010.1.x86_64.rpm 5ea3f17b45cdddf438d4642348f0133d 2010.1/x86_64/lib64poppler-glib-devel-0.12.4-2.1mdv2010.1.x86_64.rpm 11e9facfbca3b5d916f480e5053614cd 2010.1/x86_64/lib64poppler-qt2-0.12.4-2.1mdv2010.1.x86_64.rpm 51f3818574979e270265d94947b863ff 2010.1/x86_64/lib64poppler-qt4-3-0.12.4-2.1mdv2010.1.x86_64.rpm d7c2b054dd96ac00eb7caf957d290cf6 2010.1/x86_64/lib64poppler-qt4-devel-0.12.4-2.1mdv2010.1.x86_64.rpm 9533bb591cd679ba8f880b23605e837a 2010.1/x86_64/lib64poppler-qt-devel-0.12.4-2.1mdv2010.1.x86_64.rpm a6fd550b90857f4cbfcd97213d5e7918 2010.1/x86_64/poppler-0.12.4-2.1mdv2010.1.x86_64.rpm a3495563ca96089190aef76b6c25df4d 2010.1/SRPMS/poppler-0.12.4-2.1mdv2010.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFM3VkMmqjQ0CJFipgRAt1ZAKDMo9oWIQ/0cZWwYHte7+QQWtASZwCfTuRR Qp8m00pY+5aiMBWXOR3I64k= =VPTO -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Windows Applications Insecure Library Loading
The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/
The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected.
TITLE: Xpdf Two Vulnerabilities
SECUNIA ADVISORY ID: SA41709
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41709/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41709
RELEASE DATE: 2010-10-12
DISCUSS ADVISORY: http://secunia.com/advisories/41709/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/41709/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41709
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Two vulnerabilities have been reported in Xpdf, which can potentially be exploited by malicious people to compromise a user's system.
For more information see vulnerabilities #1 and #2 in: SA41596
SOLUTION: Do not open files from untrusted sources.
PROVIDED AND/OR DISCOVERED BY: Reported in Poppler by Joel Voss, Leviathan Security Group.
ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0751.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201402-17
http://security.gentoo.org/
Severity: Normal Title: Xpdf: User-assisted execution of arbitrary code Date: February 17, 2014 Bugs: #386271 ID: 201402-17
Synopsis
Multiple vulnerabilities in Xpdf could result in execution of arbitrary code.
Background
Xpdf is an X viewer for PDF files.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/xpdf <= 3.02-r4 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. Please review the CVE identifiers referenced below for details.
Impact
A context-dependent attacker could execute arbitrary code or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
Gentoo has discontinued support for Xpdf. We recommend that users unmerge Xpdf:
# emerge --unmerge "app-text/xpdf"
References
[ 1 ] CVE-2009-4035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4035 [ 2 ] CVE-2010-3702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3702 [ 3 ] CVE-2010-3704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3704
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201402-17.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
For the stable distribution (lenny), these problems have been fixed in version 3.02-1.4+lenny3.
For the upcoming stable distribution (squeeze) and the unstable distribution (sid), these problems don't apply, since xpdf has been patched to use the Poppler PDF library.
Upgrade instructions
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-1005-1 October 19, 2010 poppler vulnerabilities CVE-2010-3702, CVE-2010-3703, CVE-2010-3704 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: libpoppler1 0.5.1-0ubuntu7.8 libpoppler1-glib 0.5.1-0ubuntu7.8
Ubuntu 8.04 LTS: libpoppler-glib2 0.6.4-1ubuntu3.5 libpoppler2 0.6.4-1ubuntu3.5
Ubuntu 9.04: libpoppler-glib4 0.10.5-1ubuntu2.6 libpoppler4 0.10.5-1ubuntu2.6
Ubuntu 9.10: libpoppler-glib4 0.12.0-0ubuntu2.3 libpoppler5 0.12.0-0ubuntu2.3
Ubuntu 10.04 LTS: libpoppler-glib4 0.12.4-0ubuntu5.1 libpoppler5 0.12.4-0ubuntu5.1
Ubuntu 10.10: libpoppler-glib5 0.14.3-0ubuntu1.1 libpoppler7 0.14.3-0ubuntu1.1
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that poppler contained multiple security issues when parsing malformed PDF documents.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.1-0ubuntu7.8.diff.gz
Size/MD5: 27259 bedbca4c7d1fbb131e87ac7d01b9ccfb
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.1-0ubuntu7.8.dsc
Size/MD5: 2375 9242a34c31aec338034bad41ff0e04fb
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.1.orig.tar.gz
Size/MD5: 954930 a136cd731892f4570933034ba97c8704
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_amd64.deb
Size/MD5: 729804 990c4697220246f06734ec985bf79805
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_amd64.deb
Size/MD5: 58242 4e17049f4d461125928bd33eb905542e
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_amd64.deb
Size/MD5: 47402 2e1911778f8d114dc01570a16cc753fa
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_amd64.deb
Size/MD5: 52998 4dc5f9471611f96ec0bfb5314a527d67
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_amd64.deb
Size/MD5: 43618 37459b85fdf031fdba6e1b35ea116679
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_amd64.deb
Size/MD5: 546536 7ad7ef20bd092f9007a0a4f2920d301d
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_amd64.deb
Size/MD5: 101316 389d8b7bf42dd291ae246bbe5306c66e
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_i386.deb
Size/MD5: 664928 8670a45be74a527aa2381c786d6f499c
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_i386.deb
Size/MD5: 56038 20fa91b22991fbf8f2855d0019a30066
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_i386.deb
Size/MD5: 46100 aa511d2877d5a86ee35fb8760168e746
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_i386.deb
Size/MD5: 51888 e635377fcd0afcc86fb5665f12596940
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_i386.deb
Size/MD5: 43120 0a299604034207977e6549719e97c3bb
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_i386.deb
Size/MD5: 505126 546b78451a3db468d906a13c3e461755
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_i386.deb
Size/MD5: 93028 075e41dd3d3608e7e4a5f682d3ab0d45
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_powerpc.deb
Size/MD5: 769490 69fe73d00ba079febc5ada96e82cb518
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_powerpc.deb
Size/MD5: 60272 ef55f2b86d376cfc7f81786fa56f0852
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_powerpc.deb
Size/MD5: 47556 20725d1ceae67bd27b629bda23ea27aa
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_powerpc.deb
Size/MD5: 54288 f1652517075e0ea34c6b762e8e1ec6ba
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_powerpc.deb
Size/MD5: 44890 7ce2dad1bd9962aecd9184b74de80dbd
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_powerpc.deb
Size/MD5: 552776 7b30e7f41666d93aaa7d3a95537333d8
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_powerpc.deb
Size/MD5: 105656 6d4c33c8c30e18aba3e5248d19945312
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_sparc.deb
Size/MD5: 690766 199896329398917fe8f2a37179d02a34
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_sparc.deb
Size/MD5: 56618 d6fe358f5cdcbc02450e69db342ee8b3
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_sparc.deb
Size/MD5: 46092 5d19384e2488912b2ba4d98ff39906b7
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_sparc.deb
Size/MD5: 51360 9b6aaada69d2fd81edbf8a3f1e236256
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_sparc.deb
Size/MD5: 42362 914f0dfd79b25858ad12ad20c4407905
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_sparc.deb
Size/MD5: 518396 ccb5b4d7b6a3966174b55e82597d90b8
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_sparc.deb
Size/MD5: 93880 6343457c99d3fe9e95c65e7f11ed1688
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.6.4-1ubuntu3.5.diff.gz
Size/MD5: 22610 e40e61ff8f404dd8c570d7d9d37d3344
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.6.4-1ubuntu3.5.dsc
Size/MD5: 1832 5e30251249c773f2fdb94278bf11050c
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.6.4.orig.tar.gz
Size/MD5: 1294481 13d12ca4e349574cfbbcf4a9b2b3ae52
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_amd64.deb
Size/MD5: 899230 8fce2b7acfae6b6397caf9caf140a031
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_amd64.deb
Size/MD5: 110018 dfafa5b34781fe749705af443a32d855
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_amd64.deb
Size/MD5: 54810 5febb6077ff4019f33ef36b39d05087b
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_amd64.deb
Size/MD5: 46176 f53d822dbade16249befcf24f503c443
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_amd64.deb
Size/MD5: 25520 85571978f17908b52fde4a635b1a411e
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_amd64.deb
Size/MD5: 146760 9ff80c2dbf2bb811e31e1b66caf6279c
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_amd64.deb
Size/MD5: 201282 909dc624c82bc3c89a0b46ee49fc080f
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_amd64.deb
Size/MD5: 648816 9c4f1dbc90f19b95970d601d05ebf72b
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_amd64.deb
Size/MD5: 78984 ea5c07bc1f8cc794416c93e05b4f4815
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_i386.deb
Size/MD5: 839500 f428fc3b2317229955ebf3145bd8b1ef
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_i386.deb
Size/MD5: 102844 5abd270a2f436fd79d5fa021ed0a75a2
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_i386.deb
Size/MD5: 52354 58e6cec2618c530ae21ca02fb009da06
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_i386.deb
Size/MD5: 42614 9370944020717ba5be753fe28ab981d0
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_i386.deb
Size/MD5: 25050 57ac26b842693f33b609ea6d6ced073b
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_i386.deb
Size/MD5: 143622 9f476e4d71f8693f39e73e76c9a65d3c
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_i386.deb
Size/MD5: 190086 b40f870abc3aa6f6b8203de269e88d93
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_i386.deb
Size/MD5: 623310 43c9e0e5063794de8b008a567dd48545
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_i386.deb
Size/MD5: 73692 d5434601a4e7ef66297888f349217a1f
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_lpia.deb
Size/MD5: 859546 59e85a8660b8972ffac2b9964be303bd
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_lpia.deb
Size/MD5: 103834 2dd93fcfeb085ad2d2ebbf2631b094e9
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_lpia.deb
Size/MD5: 52614 bfa697640e43ddb7314d66f7107e021f
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_lpia.deb
Size/MD5: 43048 f1173347bdf4b450a9058f558a0e98e0
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_lpia.deb
Size/MD5: 24792 2f1a32e1c3062d9ff8ad2bac1a89a5e2
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_lpia.deb
Size/MD5: 145068 e079cb3940740d3866454898c7a635ba
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_lpia.deb
Size/MD5: 191294 c0083aef2f0adfc21064be2f95f6316d
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_lpia.deb
Size/MD5: 637232 bff9ecff5a68a668e00a2c0bab55b290
http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_lpia.deb
Size/MD5: 74708 14d03ac4f0abc79bb2b7696776db9362
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_powerpc.deb
Size/MD5: 956836 642c3332a4295161be0729b72f6ccfb0
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_powerpc.deb
Size/MD5: 115792 671359d71e699df8ef011ef9b1b97e13
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_powerpc.deb
Size/MD5: 58464 118f2e096f121fb43ad8a287335f5892
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_powerpc.deb
Size/MD5: 46142 60ec3d227164cb4f52531bf0d0d94a71
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_powerpc.deb
Size/MD5: 28862 cf22690c891eaf82c9587faff7e7aec1
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_powerpc.deb
Size/MD5: 152744 fef8f36a164ceb3a425882cc697d9cad
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_powerpc.deb
Size/MD5: 209554 7c20fafa41749c91709a2c925844cad1
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_powerpc.deb
Size/MD5: 683376 5c9e55ebefa5e5dfabbd72787bf5b7bb
http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_powerpc.deb
Size/MD5: 94454 50f79c3f37ccade2e26ac5f01fedb367
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_sparc.deb
Size/MD5: 859950 ca8b01d58970c27729fb9311f7706611
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_sparc.deb
Size/MD5: 104158 a60feaf9f57f703ae37d4587071e10e3
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_sparc.deb
Size/MD5: 51408 3a832dd5583a5ebdca67fb868b774f46
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_sparc.deb
Size/MD5: 42008 563aa6cce06916284a5bbccc8f9a4a2a
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_sparc.deb
Size/MD5: 23902 dbda45ef43ff352439a2595766a8725f
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_sparc.deb
Size/MD5: 145340 fcacd993458d4e16e4104b1c2fef74b5
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_sparc.deb
Size/MD5: 193258 872f6f3ef8af1a386100f929342c23f3
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_sparc.deb
Size/MD5: 631572 31bc91916469b6fee1e4ed2411b98c70
http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_sparc.deb
Size/MD5: 72984 85a3e42acdf1819c8fc07053cb9012c3
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.10.5-1ubuntu2.6.diff.gz
Size/MD5: 22658 46a4434de1013ad6a1aedd7f83f4638e
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.10.5-1ubuntu2.6.dsc
Size/MD5: 2319 cb6568c37577a77805a323102daf8cbe
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.10.5.orig.tar.gz
Size/MD5: 1516687 125f671a19707861132fb03e73b61184
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_amd64.deb
Size/MD5: 1000762 2511c181edee11136cd95f2fd8f7df4e
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_amd64.deb
Size/MD5: 124320 8e44bb95aaf500ea3f5f2cfeda92c77b
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_amd64.deb
Size/MD5: 64498 433f22fd427b85eda6c6f79c093c7bf4
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_amd64.deb
Size/MD5: 51136 3fce9dd192f7cf72beb2a462b78a045f
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_amd64.deb
Size/MD5: 26084 40b1eb43d7c31c344ee807f67b56405a
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_amd64.deb
Size/MD5: 166096 856ebcf506dfe1e6f73a16d039683576
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_amd64.deb
Size/MD5: 235030 001590442c32e9d44d12c708cb484a34
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_amd64.deb
Size/MD5: 715688 100b06d8f1c178b74a72627c1293a99d
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_amd64.deb
Size/MD5: 3191282 9fad2dc154e6816007978eecba272f98
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_amd64.deb
Size/MD5: 80310 e6f5e58168c6548ee953afc2f2e198e2
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_i386.deb
Size/MD5: 939116 1a637f61cc6980c737f0485fc2ee9d46
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_i386.deb
Size/MD5: 118186 be93a766d70095e2b904e8a1059c1ea9
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_i386.deb
Size/MD5: 61432 b48d904620036b494dae30f846757933
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_i386.deb
Size/MD5: 48108 502e462be767601fd4f37278ff6fb0c9
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_i386.deb
Size/MD5: 25400 0d97956139ca4df762ff50924775c7ee
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_i386.deb
Size/MD5: 164406 c48888d902bace1af6f9568bc7d11781
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_i386.deb
Size/MD5: 219842 642d8bf864daa53baa9aba14ef1d8e8d
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_i386.deb
Size/MD5: 687198 ebd3b55dd94130e8031fce6fdd9c2977
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_i386.deb
Size/MD5: 3106210 be7d517d3130e27b75b778b1fafab2c2
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_i386.deb
Size/MD5: 75150 842cb849ecdc92162f1ef0645a89694a
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_lpia.deb
Size/MD5: 951712 5833f800109087edef20d0d2e043a2a0
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_lpia.deb
Size/MD5: 118064 f415be637dbb5991ce0cf7d4bc62b9b7
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_lpia.deb
Size/MD5: 61512 247589fb21e89512e10055a39cdef0c0
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_lpia.deb
Size/MD5: 48234 53a1552904e2243babf5b4480f4e39d2
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_lpia.deb
Size/MD5: 25090 fe55913c8f07a2d573d202669dd1697e
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_lpia.deb
Size/MD5: 164652 37ca1c8caa83a03a65f2d24d4f7576bb
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_lpia.deb
Size/MD5: 220064 5d8c233389507dc10c6830ab35ab31e4
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_lpia.deb
Size/MD5: 698034 6b6e1e71dc2b4d73ce5d91ab18ed1434
http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_lpia.deb
Size/MD5: 3141000 792164965ecec628891930c15056146e
http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_lpia.deb
Size/MD5: 75852 566179c180af7420345a59aef66d20ab
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_powerpc.deb
Size/MD5: 1067816 72f7c6c253c7a0d6de9572a45b766bea
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_powerpc.deb
Size/MD5: 132060 05faca87e109c1c75a82a458b2d23949
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_powerpc.deb
Size/MD5: 69138 2c877d50106cacbfa82cb9e60e572e7e
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_powerpc.deb
Size/MD5: 51250 377d0b6a2fb986aafde1ee9f8045e04a
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_powerpc.deb
Size/MD5: 28790 9a4a744f8bbaee83ab3e0d624425dda3
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_powerpc.deb
Size/MD5: 170364 ce061c2566a07dd3c159a23d66d829fc
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_powerpc.deb
Size/MD5: 239232 b223e0531752af48a78b9feb2964e77a
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_powerpc.deb
Size/MD5: 751112 72ec27c3cfa98ec9c51e1735b233d70a
http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_powerpc.deb
Size/MD5: 3289146 731cdf54cada7da65a2a3c939df59f93
http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_powerpc.deb
Size/MD5: 92846 b62d9487645a67d4c892c3671a75e05c
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_sparc.deb
Size/MD5: 958890 6948353f591647da86e316845ec8f9eb
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_sparc.deb
Size/MD5: 120824 6ff59a3bbd4a9b425ef23110a76c4298
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_sparc.deb
Size/MD5: 61180 2cc5e6f027e76b607defdc9a797fea4d
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_sparc.deb
Size/MD5: 47586 c343721df8aec6efa801c42368c65187
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_sparc.deb
Size/MD5: 24302 829a6fd6cb43629453b0d03abb134c74
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_sparc.deb
Size/MD5: 165794 e2baae9323c3dc1bfd4c7a5188b876a4
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_sparc.deb
Size/MD5: 227060 24c905d2bf65312b9654f3a8c3ff1b85
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_sparc.deb
Size/MD5: 699612 e891d015a5e9f4a06c62330ae13ad8ff
http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_sparc.deb
Size/MD5: 3054006 65d02dc72ebedeee044492a0d54a7c9b
http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_sparc.deb
Size/MD5: 75462 14106f64edcc64399c73cecfffe82660
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0-0ubuntu2.3.diff.gz
Size/MD5: 16162 e2f7027909f54a82d3b05a5dab49bfe3
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0-0ubuntu2.3.dsc
Size/MD5: 2333 0ca7e3c51f46e811ab8b764d19735017
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0.orig.tar.gz
Size/MD5: 1595424 399b25d9d71ad22bc9a2a9281769c49c
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.3_amd64.deb
Size/MD5: 1051980 811eb825ef2a4a35a2737c7cc8f7dc18
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.3_amd64.deb
Size/MD5: 147620 0df853686d2bde4d3251e2034d4aaca4
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.3_amd64.deb
Size/MD5: 75082 66a4118be485eca8c0d64bcb507d95fe
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.3_amd64.deb
Size/MD5: 56040 9aa3e75a67f5b3325354e0cd0783b4eb
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.3_amd64.deb
Size/MD5: 26016 ab04a30595e5e10a8ea324ce5429859d
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.3_amd64.deb
Size/MD5: 169758 a0feabc74a20a921577bb14b328f4f08
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.3_amd64.deb
Size/MD5: 246134 66b67de914b70e969cef45ad38be8350
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.3_amd64.deb
Size/MD5: 758072 3759109d011266b2f989d6d4b9c700f8
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.3_amd64.deb
Size/MD5: 3352576 018f3529b1b4b66eb8fce6446e151276
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.3_amd64.deb
Size/MD5: 84178 3242ad6a0e40ac5017b25f252026b4ec
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.3_i386.deb
Size/MD5: 989400 4c6f5530a2751fbef0c4cf2b91c0a450
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.3_i386.deb
Size/MD5: 140982 8b2732a5ee3087e754cfbc8a311508a9
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.3_i386.deb
Size/MD5: 72374 9dafd2e2f353b30269b61184d8a05a73
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.3_i386.deb
Size/MD5: 53740 92abc5198ae95accc2a9c04535a12e74
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.3_i386.deb
Size/MD5: 25630 9ed21683dc9ce42230357a75c9f8efaf
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.3_i386.deb
Size/MD5: 166244 5407024e0fbca9ca17cf31784689f530
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.3_i386.deb
Size/MD5: 231402 085ad28bb8f30fb81c922bdf98461f62
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.3_i386.deb
Size/MD5: 725946 56e85e5a60eded5dd71286df5afcddad
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.3_i386.deb
Size/MD5: 3273936 4900c20227ee15c570803e0a5ea2380e
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.3_i386.deb
Size/MD5: 80140 8397685b99e33d2295945e01b5a9c5a9
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.3_sparc.deb
Size/MD5: 1024116 82f69ec56049caaaa2e6d6ddfbcf38e9
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.3_sparc.deb
Size/MD5: 145452 ca9c8d859dd2c259254c1015c8150e7c
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.3_sparc.deb
Size/MD5: 73070 93faf777eb853626a8021a4fdf951ae0
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.3_sparc.deb
Size/MD5: 53314 f04f80d8c690dd8eed9f2d8629b82ab6
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.3_sparc.deb
Size/MD5: 24216 5597f9b407ed6e297dfb60495a926835
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.3_sparc.deb
Size/MD5: 168690 d5f6fc3fd30c50549a0425684be4456f
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.3_sparc.deb
Size/MD5: 244286 73acb1d168e1b946fc0ab87e52a98d2b
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.3_sparc.deb
Size/MD5: 749218 e362ac899fed10132a24579c856392bf
http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.3_sparc.deb
Size/MD5: 3243524 b3809cb3b43f6c6fcbf78e5f195454b8
http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.3_sparc.deb
Size/MD5: 80606 84e09ef47c3a62d374f7d72d077857f7
Updated packages for Ubuntu 10.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.4-0ubuntu5.1.diff.gz
Size/MD5: 36586 3c8f46489d270a6553c603f1bf42df61
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.4-0ubuntu5.1.dsc
Size/MD5: 2321 6309c218890373f2d2f3829083f1e14e
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.4.orig.tar.gz
Size/MD5: 1674400 4155346f9369b192569ce9184ff73e43
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_amd64.deb
Size/MD5: 1057464 02cfbb58b185dce47f79752bc448ecfb
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_amd64.deb
Size/MD5: 153226 6a1cd66dad1f036c916834a9bee5290e
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_amd64.deb
Size/MD5: 79122 fc4779709ed8b692f9debc48054dcf66
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_amd64.deb
Size/MD5: 56012 6c389ff1ec4144b526b34e3df0390361
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_amd64.deb
Size/MD5: 26902 e4f305ff49b07e2d4266f3c23b737328
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_amd64.deb
Size/MD5: 172296 6a277bb044e8bddf0b7211ef4f201e8a
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_amd64.deb
Size/MD5: 252048 07a540e9727055ad6ea3af4805ca02f4
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_amd64.deb
Size/MD5: 762152 b900a754d1f4fd137a984a5d9a428b49
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_amd64.deb
Size/MD5: 3392098 40b5213d5c65333912cb2a6837cb8155
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_amd64.deb
Size/MD5: 84984 222e314966329a71370119194760f289
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_i386.deb
Size/MD5: 994314 0cf46cddcca262acb400301c6ccfadcf
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_i386.deb
Size/MD5: 146050 ecfd6621c0c8125575908fce67e87037
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_i386.deb
Size/MD5: 75926 9460e967f9ea99f6e52cea7b82794cf1
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_i386.deb
Size/MD5: 53792 094890d2058126fad34a2a9f1b74a9fe
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_i386.deb
Size/MD5: 26526 ae6f93323c82c1d452e81335025c4677
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_i386.deb
Size/MD5: 169754 b69d20dacb024e9412954289e62606e5
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_i386.deb
Size/MD5: 237416 79df3cbaef280ae078fe5d90d1efeca6
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_i386.deb
Size/MD5: 729896 ebd5b47847b7d4c2d6a7956d5f2b9c9c
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_i386.deb
Size/MD5: 3308176 1901fd74a67d54354fc37140a3820651
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_i386.deb
Size/MD5: 80940 24c64a45a096f19bc5e29ac070570932
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_powerpc.deb
Size/MD5: 1139050 391b272517bddffbfecbbc91a43b7f96
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_powerpc.deb
Size/MD5: 160174 5e5fbf2fdbf5007373e8f76a762b875d
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_powerpc.deb
Size/MD5: 83092 96d39f59f5dbb721fc5bbd370f0b3540
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_powerpc.deb
Size/MD5: 57086 00f8a4e9617f841bd90e57d2835311f4
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_powerpc.deb
Size/MD5: 27700 b373ca19c5ec767a6398dffc9bedd553
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_powerpc.deb
Size/MD5: 174170 ff1770256477129693ba12fa671d00f2
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_powerpc.deb
Size/MD5: 257882 c5a46d4e9d96ab2e705e5a538cf3731e
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_powerpc.deb
Size/MD5: 802012 68d7baf4f9f6c09fbf4f1c0e382fa182
http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_powerpc.deb
Size/MD5: 3517048 e614b7e4a6a126f9b7dd67f6efefd117
http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_powerpc.deb
Size/MD5: 85044 6187f4e8bac574e941da55a6a69690af
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_sparc.deb
Size/MD5: 1061366 41136167b401a0728acbcdb4019d10a9
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_sparc.deb
Size/MD5: 152744 080f6cd7a3b25dafb7a859b7feb7095e
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_sparc.deb
Size/MD5: 77452 04f109d31474b5aa18934e158adf6d62
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_sparc.deb
Size/MD5: 54694 2300562f2a7cfb8d4a33f881332ace15
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_sparc.deb
Size/MD5: 25448 53b2a8352578c81f64e8f4cab898007b
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_sparc.deb
Size/MD5: 172760 f147f6913ced592759716f7b3df63af2
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_sparc.deb
Size/MD5: 255112 3257864700e4387e8cf4e11e5f4aef4e
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_sparc.deb
Size/MD5: 761444 626f9943c20f6c2f8cddfaed957e0251
http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_sparc.deb
Size/MD5: 3312976 945e1150e98d3545f2790ceaec85220f
http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_sparc.deb
Size/MD5: 82324 33c251009e49841c9ae76e74a1e4e559
Updated packages for Ubuntu 10.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.14.3-0ubuntu1.1.diff.gz
Size/MD5: 14357 2913cf42deabe02923039b83f4d3a09b
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.14.3-0ubuntu1.1.dsc
Size/MD5: 2426 d8addbeb6ab59e8dfeaab3262b4215e8
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.14.3.orig.tar.gz
Size/MD5: 1791880 1024c608a8a7c1d6ec301bddf11f3af9
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp-dev_0.14.3-0ubuntu1.1_amd64.deb
Size/MD5: 64468 6a423398bc892f513b2f38e2e3d5c602
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp0_0.14.3-0ubuntu1.1_amd64.deb
Size/MD5: 31168 539169982c29fbd85ad92d3564b46332
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.14.3-0ubuntu1.1_amd64.deb
Size/MD5: 1103468 a14ada191171b0af80c8ed455cc43602
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.14.3-0ubuntu1.1_amd64.deb
Size/MD5: 165088 a094e30c378323c4e13fce76cb41eaef
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib5_0.14.3-0ubuntu1.1_amd64.deb
Size/MD5: 83900 ba49980dc7ae19ec805f2d2e0a9dd341
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.14.3-0ubuntu1.1_amd64.deb
Size/MD5: 59162 2e9264fd1688912c647a684349b04bc1
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.14.3-0ubuntu1.1_amd64.deb
Size/MD5: 26422 f2e204b7a284aa1c7762671eb764f65f
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.14.3-0ubuntu1.1_amd64.deb
Size/MD5: 175388 12fdd82ec02447154cb66ffee97eb6bd
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.14.3-0ubuntu1.1_amd64.deb
Size/MD5: 262250 4b22149a50d268aff9c443f577272ec9
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler7_0.14.3-0ubuntu1.1_amd64.deb
Size/MD5: 783016 b6a88c5290d6584cf118e03486ee5b28
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.14.3-0ubuntu1.1_amd64.deb
Size/MD5: 3782700 92aaee73614843eb71a1e894d6e6b6db
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.14.3-0ubuntu1.1_amd64.deb
Size/MD5: 84584 cff59800844c6d64d58481682d7096c2
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp-dev_0.14.3-0ubuntu1.1_i386.deb
Size/MD5: 61226 2daec50e448a0023cefc89ecdac63e2f
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp0_0.14.3-0ubuntu1.1_i386.deb
Size/MD5: 31404 ad307f5350fd07a9cc409f4e9e1a76a3
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.14.3-0ubuntu1.1_i386.deb
Size/MD5: 1031432 cb1b0f48c777da1e83104a1f8a92850c
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.14.3-0ubuntu1.1_i386.deb
Size/MD5: 156646 33c97aaca1542522ac44c0c2c1aa32f9
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib5_0.14.3-0ubuntu1.1_i386.deb
Size/MD5: 80682 9c4b0a4534eb6719a7d9f974b2fc8b61
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.14.3-0ubuntu1.1_i386.deb
Size/MD5: 56974 6d8a32bff9e98d95c8cf754c47aae4f6
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.14.3-0ubuntu1.1_i386.deb
Size/MD5: 25986 ce814f61d00c0be09742cff50d691d1a
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.14.3-0ubuntu1.1_i386.deb
Size/MD5: 172378 d6a441c24baa014e23428de75ee78913
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.14.3-0ubuntu1.1_i386.deb
Size/MD5: 246084 0f3d944e284b2e96f78ff7c897d89310
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler7_0.14.3-0ubuntu1.1_i386.deb
Size/MD5: 746296 c5b46a4f36381b2d6ac1f4cdc973a85d
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.14.3-0ubuntu1.1_i386.deb
Size/MD5: 3694024 28b7b242f8fe4b6decc198ce2cddc5e4
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.14.3-0ubuntu1.1_i386.deb
Size/MD5: 79640 326c2ea9f373fec8622ca654b942fee2
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-cpp-dev_0.14.3-0ubuntu1.1_powerpc.deb
Size/MD5: 65034 e6fe859f3e6071f20f9cf880107c1f2e
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-cpp0_0.14.3-0ubuntu1.1_powerpc.deb
Size/MD5: 32576 1923fe67aeb448dae67c0c3de7acad51
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.14.3-0ubuntu1.1_powerpc.deb
Size/MD5: 1182088 7d90bf72cedc6ccda4da639e657ba3ec
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.14.3-0ubuntu1.1_powerpc.deb
Size/MD5: 171878 728ed879151c66c82c09d074ca3d6b74
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib5_0.14.3-0ubuntu1.1_powerpc.deb
Size/MD5: 88564 38714d7ad6697b4231e2c89c511195c4
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.14.3-0ubuntu1.1_powerpc.deb
Size/MD5: 60498 2422b28c607abc4cf25388199ad89052
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.14.3-0ubuntu1.1_powerpc.deb
Size/MD5: 27190 4e063517954ef91ae8ce1d959f939bad
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.14.3-0ubuntu1.1_powerpc.deb
Size/MD5: 177264 79deabe8844ba4993b7643a846b6ba7f
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.14.3-0ubuntu1.1_powerpc.deb
Size/MD5: 270448 a6924c87f821b74c9d9ef642d3182194
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler7_0.14.3-0ubuntu1.1_powerpc.deb
Size/MD5: 822532 fded6e9509fb172ea0587cd536b8e24c
http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.14.3-0ubuntu1.1_powerpc.deb
Size/MD5: 3916390 bd49980f1d5fe6a419961106a2635ad6
http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.14.3-0ubuntu1.1_powerpc.deb
Size/MD5: 82814 8552bb3b2508b96a0c3a2be0b7a02f00
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: tetex security update Advisory ID: RHSA-2012:1201-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1201.html Issue date: 2012-08-23 CVE Names: CVE-2010-2642 CVE-2010-3702 CVE-2010-3704 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 =====================================================================
- Summary:
Updated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
- Description:
teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output.
teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code:
Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. (CVE-2010-2642, CVE-2011-0433)
An invalid pointer dereference flaw was found in t1lib. (CVE-2011-0764)
A use-after-free flaw was found in t1lib. (CVE-2011-1553)
An off-by-one flaw was found in t1lib. (CVE-2011-1554)
An out-of-bounds memory read flaw was found in t1lib. A specially-crafted font file could, when opened, cause teTeX to crash. (CVE-2011-1552)
teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code:
An uninitialized pointer use flaw was discovered in Xpdf. If pdflatex was used to process a TeX document referencing a specially-crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3702)
An array index error was found in the way Xpdf parsed PostScript Type 1 fonts embedded in PDF documents. If pdflatex was used to process a TeX document referencing a specially-crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3704)
Red Hat would like to thank the Evince development team for reporting CVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter of CVE-2010-2642.
All users of tetex are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (http://bugzilla.redhat.com/):
595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference 638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse() 666318 - CVE-2010-2642 evince, t1lib: Heap based buffer overflow in DVI file AFM font parser 679732 - CVE-2011-0433 evince, t1lib: Heap-based buffer overflow DVI file AFM font parser 692853 - CVE-2011-1552 t1lib: invalid read crash via crafted Type 1 font 692854 - CVE-2011-1553 t1lib: Use-after-free via crafted Type 1 font 692856 - CVE-2011-1554 t1lib: Off-by-one via crafted Type 1 font 692909 - CVE-2011-0764 t1lib: Invalid pointer dereference via crafted Type 1 font
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tetex-3.0-33.15.el5_8.1.src.rpm
i386: tetex-3.0-33.15.el5_8.1.i386.rpm tetex-afm-3.0-33.15.el5_8.1.i386.rpm tetex-debuginfo-3.0-33.15.el5_8.1.i386.rpm tetex-doc-3.0-33.15.el5_8.1.i386.rpm tetex-dvips-3.0-33.15.el5_8.1.i386.rpm tetex-fonts-3.0-33.15.el5_8.1.i386.rpm tetex-latex-3.0-33.15.el5_8.1.i386.rpm tetex-xdvi-3.0-33.15.el5_8.1.i386.rpm
x86_64: tetex-3.0-33.15.el5_8.1.x86_64.rpm tetex-afm-3.0-33.15.el5_8.1.x86_64.rpm tetex-debuginfo-3.0-33.15.el5_8.1.x86_64.rpm tetex-doc-3.0-33.15.el5_8.1.x86_64.rpm tetex-dvips-3.0-33.15.el5_8.1.x86_64.rpm tetex-fonts-3.0-33.15.el5_8.1.x86_64.rpm tetex-latex-3.0-33.15.el5_8.1.x86_64.rpm tetex-xdvi-3.0-33.15.el5_8.1.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/tetex-3.0-33.15.el5_8.1.src.rpm
i386: tetex-3.0-33.15.el5_8.1.i386.rpm tetex-afm-3.0-33.15.el5_8.1.i386.rpm tetex-debuginfo-3.0-33.15.el5_8.1.i386.rpm tetex-doc-3.0-33.15.el5_8.1.i386.rpm tetex-dvips-3.0-33.15.el5_8.1.i386.rpm tetex-fonts-3.0-33.15.el5_8.1.i386.rpm tetex-latex-3.0-33.15.el5_8.1.i386.rpm tetex-xdvi-3.0-33.15.el5_8.1.i386.rpm
ia64: tetex-3.0-33.15.el5_8.1.ia64.rpm tetex-afm-3.0-33.15.el5_8.1.ia64.rpm tetex-debuginfo-3.0-33.15.el5_8.1.ia64.rpm tetex-doc-3.0-33.15.el5_8.1.ia64.rpm tetex-dvips-3.0-33.15.el5_8.1.ia64.rpm tetex-fonts-3.0-33.15.el5_8.1.ia64.rpm tetex-latex-3.0-33.15.el5_8.1.ia64.rpm tetex-xdvi-3.0-33.15.el5_8.1.ia64.rpm
ppc: tetex-3.0-33.15.el5_8.1.ppc.rpm tetex-afm-3.0-33.15.el5_8.1.ppc.rpm tetex-debuginfo-3.0-33.15.el5_8.1.ppc.rpm tetex-doc-3.0-33.15.el5_8.1.ppc.rpm tetex-dvips-3.0-33.15.el5_8.1.ppc.rpm tetex-fonts-3.0-33.15.el5_8.1.ppc.rpm tetex-latex-3.0-33.15.el5_8.1.ppc.rpm tetex-xdvi-3.0-33.15.el5_8.1.ppc.rpm
s390x: tetex-3.0-33.15.el5_8.1.s390x.rpm tetex-afm-3.0-33.15.el5_8.1.s390x.rpm tetex-debuginfo-3.0-33.15.el5_8.1.s390x.rpm tetex-doc-3.0-33.15.el5_8.1.s390x.rpm tetex-dvips-3.0-33.15.el5_8.1.s390x.rpm tetex-fonts-3.0-33.15.el5_8.1.s390x.rpm tetex-latex-3.0-33.15.el5_8.1.s390x.rpm tetex-xdvi-3.0-33.15.el5_8.1.s390x.rpm
x86_64: tetex-3.0-33.15.el5_8.1.x86_64.rpm tetex-afm-3.0-33.15.el5_8.1.x86_64.rpm tetex-debuginfo-3.0-33.15.el5_8.1.x86_64.rpm tetex-doc-3.0-33.15.el5_8.1.x86_64.rpm tetex-dvips-3.0-33.15.el5_8.1.x86_64.rpm tetex-fonts-3.0-33.15.el5_8.1.x86_64.rpm tetex-latex-3.0-33.15.el5_8.1.x86_64.rpm tetex-xdvi-3.0-33.15.el5_8.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2010-2642.html https://www.redhat.com/security/data/cve/CVE-2010-3702.html https://www.redhat.com/security/data/cve/CVE-2010-3704.html https://www.redhat.com/security/data/cve/CVE-2011-0433.html https://www.redhat.com/security/data/cve/CVE-2011-0764.html https://www.redhat.com/security/data/cve/CVE-2011-1552.html https://www.redhat.com/security/data/cve/CVE-2011-1553.html https://www.redhat.com/security/data/cve/CVE-2011-1554.html https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFQNkf0XlSAg2UNWIIRAiQFAJ9WUAfXKk43rYvg+UYPr0aOZvojRgCeKWRl PAzUWlaBGi1pT+Kr2TaQk1E= =iYiF -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201011-0178",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "9.10"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "8.04"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "6.06"
},
{
"model": "poppler",
"scope": "gte",
"trust": 1.0,
"vendor": "freedesktop",
"version": "0.8.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "12"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "13"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.04"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.1"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 1.0,
"vendor": "xpdfreader",
"version": "3.02"
},
{
"model": "cups",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "1.3.11"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.10"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.2"
},
{
"model": "xpdf",
"scope": "lte",
"trust": 1.0,
"vendor": "xpdfreader",
"version": "3.01"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "10"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.3"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "14"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "9"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "6.0"
},
{
"model": "poppler",
"scope": "lte",
"trust": 1.0,
"vendor": "freedesktop",
"version": "0.15.1"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "9.04"
},
{
"model": "xpdf",
"scope": "lt",
"trust": 0.8,
"vendor": "foolabs",
"version": "3.02pl5"
},
{
"model": "poppler",
"scope": "lt",
"trust": 0.8,
"vendor": "freedesktop",
"version": "0.15.1"
},
{
"model": "openoffice.org",
"scope": "lt",
"trust": 0.8,
"vendor": "openoffice",
"version": "3.3"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86-64)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0 (x86-64)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0 (x86-64)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"model": "rhel optional productivity applications",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"model": "cups",
"scope": null,
"trust": 0.6,
"vendor": "apple",
"version": null
},
{
"model": "pl3",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "3.0"
},
{
"model": "pl2",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "3.0"
},
{
"model": "1pl1",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "3.0"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "3.01"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "3.00"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "2.0.3"
},
{
"model": "pl1",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "2.0.2"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "2.0.2"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "2.0.1"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "2.03"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "2.02"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "2.01"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "2.0"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "1.01"
},
{
"model": "0a",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "1.0"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "1.00"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "0.93"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "0.92"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "0.91"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "0.90"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "10.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "10.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "9.1"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "11.0"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux optional productivity application server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux es 4.8.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux as 4.8.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "poppler",
"scope": "eq",
"trust": 0.3,
"vendor": "poppler",
"version": "0.5.4"
},
{
"model": "poppler",
"scope": "eq",
"trust": 0.3,
"vendor": "poppler",
"version": "0.5.3"
},
{
"model": "poppler",
"scope": "eq",
"trust": 0.3,
"vendor": "poppler",
"version": "0.5.1"
},
{
"model": "oracle pdf import extension",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "1.0.3"
},
{
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "3.2.1"
},
{
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "3.1.1"
},
{
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "3.1"
},
{
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "3.3"
},
{
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "3.2"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "kdegraphics",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.3"
},
{
"model": "kdegraphics",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2.3"
},
{
"model": "kdegraphics",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2.1"
},
{
"model": "kdegraphics",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2"
},
{
"model": "gpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "gnome",
"version": "2.8.2"
},
{
"model": "gpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "gnome",
"version": "2.8"
},
{
"model": "gpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "gnome",
"version": "2.1"
},
{
"model": "gpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "gnome",
"version": "0.132"
},
{
"model": "gpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "gnome",
"version": "0.131"
},
{
"model": "gpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "gnome",
"version": "0.112"
},
{
"model": "gpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "gnome",
"version": "0.110"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "oracle pdf import extension",
"scope": "ne",
"trust": 0.3,
"vendor": "openoffice",
"version": "1.0.4"
}
],
"sources": [
{
"db": "BID",
"id": "43841"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002471"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-038"
},
{
"db": "NVD",
"id": "CVE-2010-3702"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:foolabs:xpdf",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:freedesktop:poppler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:openoffice:openoffice.org",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_hpc_node",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:redhat:rhel_optional_productivity_applications",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002471"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sauli Pahlman; Joel Voss",
"sources": [
{
"db": "BID",
"id": "43841"
}
],
"trust": 0.3
},
"cve": "CVE-2010-3702",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2010-3702",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2010-3702",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-46307",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-3702",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2010-3702",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201011-038",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-46307",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-46307"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002471"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-038"
},
{
"db": "NVD",
"id": "CVE-2010-3702"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. Xpdf is prone to a vulnerability due to an array-indexing error. \nAn attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious PDF file with an affected application. \nSuccessful exploits will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3703\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2010.0:\n f8eeb85b978e98a9bfffce7ab584e9df 2010.0/i586/libpoppler5-0.12.4-1.2mdv2010.0.i586.rpm\n 11b9dfe9e37261bec174c25aae9d71b4 2010.0/i586/libpoppler-devel-0.12.4-1.2mdv2010.0.i586.rpm\n b9af206162c906094204ed13a4620318 2010.0/i586/libpoppler-glib4-0.12.4-1.2mdv2010.0.i586.rpm\n eea6fc72a55f119c2fe7aef2c37400f6 2010.0/i586/libpoppler-glib-devel-0.12.4-1.2mdv2010.0.i586.rpm\n d83f8f81d2cbb11a3a12e0654d63cd11 2010.0/i586/libpoppler-qt2-0.12.4-1.2mdv2010.0.i586.rpm\n 8e1f7d0278a299b55e1b213f90462610 2010.0/i586/libpoppler-qt4-3-0.12.4-1.2mdv2010.0.i586.rpm\n 6f1505518bb6a42bd017f4ed00ed5f3f 2010.0/i586/libpoppler-qt4-devel-0.12.4-1.2mdv2010.0.i586.rpm\n 6bfceb4bbb5565f829c765e15d9f84f8 2010.0/i586/libpoppler-qt-devel-0.12.4-1.2mdv2010.0.i586.rpm\n 69b87e12827e20261bcac5c1a9f6cc47 2010.0/i586/poppler-0.12.4-1.2mdv2010.0.i586.rpm \n b395b580e189eac53cec4cdce2ceaeeb 2010.0/SRPMS/poppler-0.12.4-1.2mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 5ac922ba77b7e24852b032cb96d66dcc 2010.0/x86_64/lib64poppler5-0.12.4-1.2mdv2010.0.x86_64.rpm\n a35fdb10aaaeda661082eea969c8cb10 2010.0/x86_64/lib64poppler-devel-0.12.4-1.2mdv2010.0.x86_64.rpm\n be4e55287976d6d9f0bc8acdd41dc371 2010.0/x86_64/lib64poppler-glib4-0.12.4-1.2mdv2010.0.x86_64.rpm\n 2e63d0dff69e958f0b926cf6d0026c61 2010.0/x86_64/lib64poppler-glib-devel-0.12.4-1.2mdv2010.0.x86_64.rpm\n b50e39d108dc2458c252fbf365e2aaff 2010.0/x86_64/lib64poppler-qt2-0.12.4-1.2mdv2010.0.x86_64.rpm\n 7b249ff04f794fb6a8dc8b05564143e4 2010.0/x86_64/lib64poppler-qt4-3-0.12.4-1.2mdv2010.0.x86_64.rpm\n 121f80f800f144eb489f0cdce287e7ef 2010.0/x86_64/lib64poppler-qt4-devel-0.12.4-1.2mdv2010.0.x86_64.rpm\n fb7297fbbd3758eca663813932d822fe 2010.0/x86_64/lib64poppler-qt-devel-0.12.4-1.2mdv2010.0.x86_64.rpm\n 5fbd9b1cbd0c18cc7f5a77ee8c9421e8 2010.0/x86_64/poppler-0.12.4-1.2mdv2010.0.x86_64.rpm \n b395b580e189eac53cec4cdce2ceaeeb 2010.0/SRPMS/poppler-0.12.4-1.2mdv2010.0.src.rpm\n\n Mandriva Linux 2010.1:\n 039272fbf964bf0cda8ee8be3f73d7f0 2010.1/i586/libpoppler5-0.12.4-2.1mdv2010.1.i586.rpm\n 4b8cd7ba4fcad0fdb13d498d9659353e 2010.1/i586/libpoppler-devel-0.12.4-2.1mdv2010.1.i586.rpm\n 0c8ecda02ad63275628fdf7dbb886d85 2010.1/i586/libpoppler-glib4-0.12.4-2.1mdv2010.1.i586.rpm\n a899985446082afaf7a552a9d093fa7b 2010.1/i586/libpoppler-glib-devel-0.12.4-2.1mdv2010.1.i586.rpm\n 98cc33b6085f8b5a3e450814217a87fc 2010.1/i586/libpoppler-qt2-0.12.4-2.1mdv2010.1.i586.rpm\n aca2798c969fe7e1ae41f8fda8c767bf 2010.1/i586/libpoppler-qt4-3-0.12.4-2.1mdv2010.1.i586.rpm\n 766c5b85413728af84378f56647f3d6e 2010.1/i586/libpoppler-qt4-devel-0.12.4-2.1mdv2010.1.i586.rpm\n e1af5e2dda8be30d3ac1e009ce856588 2010.1/i586/libpoppler-qt-devel-0.12.4-2.1mdv2010.1.i586.rpm\n e2060c17f1f8ece622fbcf94e50205d7 2010.1/i586/poppler-0.12.4-2.1mdv2010.1.i586.rpm \n a3495563ca96089190aef76b6c25df4d 2010.1/SRPMS/poppler-0.12.4-2.1mdv2010.1.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n 142bdd508c9c62480b467b3aa74a6eb1 2010.1/x86_64/lib64poppler5-0.12.4-2.1mdv2010.1.x86_64.rpm\n 423f44b8802e838afbdd9be973bee11b 2010.1/x86_64/lib64poppler-devel-0.12.4-2.1mdv2010.1.x86_64.rpm\n 88b25a582c2bf185196e8d68b2567bd9 2010.1/x86_64/lib64poppler-glib4-0.12.4-2.1mdv2010.1.x86_64.rpm\n 5ea3f17b45cdddf438d4642348f0133d 2010.1/x86_64/lib64poppler-glib-devel-0.12.4-2.1mdv2010.1.x86_64.rpm\n 11e9facfbca3b5d916f480e5053614cd 2010.1/x86_64/lib64poppler-qt2-0.12.4-2.1mdv2010.1.x86_64.rpm\n 51f3818574979e270265d94947b863ff 2010.1/x86_64/lib64poppler-qt4-3-0.12.4-2.1mdv2010.1.x86_64.rpm\n d7c2b054dd96ac00eb7caf957d290cf6 2010.1/x86_64/lib64poppler-qt4-devel-0.12.4-2.1mdv2010.1.x86_64.rpm\n 9533bb591cd679ba8f880b23605e837a 2010.1/x86_64/lib64poppler-qt-devel-0.12.4-2.1mdv2010.1.x86_64.rpm\n a6fd550b90857f4cbfcd97213d5e7918 2010.1/x86_64/poppler-0.12.4-2.1mdv2010.1.x86_64.rpm \n a3495563ca96089190aef76b6c25df4d 2010.1/SRPMS/poppler-0.12.4-2.1mdv2010.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFM3VkMmqjQ0CJFipgRAt1ZAKDMo9oWIQ/0cZWwYHte7+QQWtASZwCfTuRR\nQp8m00pY+5aiMBWXOR3I64k=\n=VPTO\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\n\nWindows Applications Insecure Library Loading\n\nThe Official, Verified Secunia List:\nhttp://secunia.com/advisories/windows_insecure_library_loading/\n\nThe list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. \n\n\n----------------------------------------------------------------------\n\nTITLE:\nXpdf Two Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA41709\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41709/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41709\n\nRELEASE DATE:\n2010-10-12\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41709/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41709/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41709\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in Xpdf, which can potentially\nbe exploited by malicious people to compromise a user\u0027s system. \n\nFor more information see vulnerabilities #1 and #2 in:\nSA41596\n\nSOLUTION:\nDo not open files from untrusted sources. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported in Poppler by Joel Voss, Leviathan Security Group. \n\nORIGINAL ADVISORY:\nhttps://rhn.redhat.com/errata/RHSA-2010-0751.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201402-17\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Xpdf: User-assisted execution of arbitrary code\n Date: February 17, 2014\n Bugs: #386271\n ID: 201402-17\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in Xpdf could result in execution of arbitrary\ncode. \n\nBackground\n==========\n\nXpdf is an X viewer for PDF files. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-text/xpdf \u003c= 3.02-r4 Vulnerable!\n -------------------------------------------------------------------\n NOTE: Certain packages are still vulnerable. Users should migrate\n to another package if one is available or wait for the\n existing packages to be marked stable by their\n architecture maintainers. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA context-dependent attacker could execute arbitrary code or cause a\nDenial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nGentoo has discontinued support for Xpdf. We recommend that users\nunmerge Xpdf:\n\n # emerge --unmerge \"app-text/xpdf\"\n\nReferences\n==========\n\n[ 1 ] CVE-2009-4035\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4035\n[ 2 ] CVE-2010-3702\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3702\n[ 3 ] CVE-2010-3704\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3704\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201402-17.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 3.02-1.4+lenny3. \n\nFor the upcoming stable distribution (squeeze) and the unstable \ndistribution (sid), these problems don\u0027t apply, since xpdf has been \npatched to use the Poppler PDF library. \n\nUpgrade instructions\n- --------------------\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ===========================================================\nUbuntu Security Notice USN-1005-1 October 19, 2010\npoppler vulnerabilities\nCVE-2010-3702, CVE-2010-3703, CVE-2010-3704\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 8.04 LTS\nUbuntu 9.04\nUbuntu 9.10\nUbuntu 10.04 LTS\nUbuntu 10.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n libpoppler1 0.5.1-0ubuntu7.8\n libpoppler1-glib 0.5.1-0ubuntu7.8\n\nUbuntu 8.04 LTS:\n libpoppler-glib2 0.6.4-1ubuntu3.5\n libpoppler2 0.6.4-1ubuntu3.5\n\nUbuntu 9.04:\n libpoppler-glib4 0.10.5-1ubuntu2.6\n libpoppler4 0.10.5-1ubuntu2.6\n\nUbuntu 9.10:\n libpoppler-glib4 0.12.0-0ubuntu2.3\n libpoppler5 0.12.0-0ubuntu2.3\n\nUbuntu 10.04 LTS:\n libpoppler-glib4 0.12.4-0ubuntu5.1\n libpoppler5 0.12.4-0ubuntu5.1\n\nUbuntu 10.10:\n libpoppler-glib5 0.14.3-0ubuntu1.1\n libpoppler7 0.14.3-0ubuntu1.1\n\nIn general, a standard system update will make all the necessary changes. \n\nDetails follow:\n\nIt was discovered that poppler contained multiple security issues when\nparsing malformed PDF documents. \n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.1-0ubuntu7.8.diff.gz\n Size/MD5: 27259 bedbca4c7d1fbb131e87ac7d01b9ccfb\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.1-0ubuntu7.8.dsc\n Size/MD5: 2375 9242a34c31aec338034bad41ff0e04fb\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.1.orig.tar.gz\n Size/MD5: 954930 a136cd731892f4570933034ba97c8704\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_amd64.deb\n Size/MD5: 729804 990c4697220246f06734ec985bf79805\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_amd64.deb\n Size/MD5: 58242 4e17049f4d461125928bd33eb905542e\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_amd64.deb\n Size/MD5: 47402 2e1911778f8d114dc01570a16cc753fa\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_amd64.deb\n Size/MD5: 52998 4dc5f9471611f96ec0bfb5314a527d67\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_amd64.deb\n Size/MD5: 43618 37459b85fdf031fdba6e1b35ea116679\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_amd64.deb\n Size/MD5: 546536 7ad7ef20bd092f9007a0a4f2920d301d\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_amd64.deb\n Size/MD5: 101316 389d8b7bf42dd291ae246bbe5306c66e\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_i386.deb\n Size/MD5: 664928 8670a45be74a527aa2381c786d6f499c\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_i386.deb\n Size/MD5: 56038 20fa91b22991fbf8f2855d0019a30066\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_i386.deb\n Size/MD5: 46100 aa511d2877d5a86ee35fb8760168e746\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_i386.deb\n Size/MD5: 51888 e635377fcd0afcc86fb5665f12596940\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_i386.deb\n Size/MD5: 43120 0a299604034207977e6549719e97c3bb\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_i386.deb\n Size/MD5: 505126 546b78451a3db468d906a13c3e461755\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_i386.deb\n Size/MD5: 93028 075e41dd3d3608e7e4a5f682d3ab0d45\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_powerpc.deb\n Size/MD5: 769490 69fe73d00ba079febc5ada96e82cb518\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_powerpc.deb\n Size/MD5: 60272 ef55f2b86d376cfc7f81786fa56f0852\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_powerpc.deb\n Size/MD5: 47556 20725d1ceae67bd27b629bda23ea27aa\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_powerpc.deb\n Size/MD5: 54288 f1652517075e0ea34c6b762e8e1ec6ba\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_powerpc.deb\n Size/MD5: 44890 7ce2dad1bd9962aecd9184b74de80dbd\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_powerpc.deb\n Size/MD5: 552776 7b30e7f41666d93aaa7d3a95537333d8\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_powerpc.deb\n Size/MD5: 105656 6d4c33c8c30e18aba3e5248d19945312\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_sparc.deb\n Size/MD5: 690766 199896329398917fe8f2a37179d02a34\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_sparc.deb\n Size/MD5: 56618 d6fe358f5cdcbc02450e69db342ee8b3\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_sparc.deb\n Size/MD5: 46092 5d19384e2488912b2ba4d98ff39906b7\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_sparc.deb\n Size/MD5: 51360 9b6aaada69d2fd81edbf8a3f1e236256\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_sparc.deb\n Size/MD5: 42362 914f0dfd79b25858ad12ad20c4407905\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_sparc.deb\n Size/MD5: 518396 ccb5b4d7b6a3966174b55e82597d90b8\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_sparc.deb\n Size/MD5: 93880 6343457c99d3fe9e95c65e7f11ed1688\n\nUpdated packages for Ubuntu 8.04 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.6.4-1ubuntu3.5.diff.gz\n Size/MD5: 22610 e40e61ff8f404dd8c570d7d9d37d3344\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.6.4-1ubuntu3.5.dsc\n Size/MD5: 1832 5e30251249c773f2fdb94278bf11050c\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.6.4.orig.tar.gz\n Size/MD5: 1294481 13d12ca4e349574cfbbcf4a9b2b3ae52\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_amd64.deb\n Size/MD5: 899230 8fce2b7acfae6b6397caf9caf140a031\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_amd64.deb\n Size/MD5: 110018 dfafa5b34781fe749705af443a32d855\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_amd64.deb\n Size/MD5: 54810 5febb6077ff4019f33ef36b39d05087b\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_amd64.deb\n Size/MD5: 46176 f53d822dbade16249befcf24f503c443\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_amd64.deb\n Size/MD5: 25520 85571978f17908b52fde4a635b1a411e\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_amd64.deb\n Size/MD5: 146760 9ff80c2dbf2bb811e31e1b66caf6279c\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_amd64.deb\n Size/MD5: 201282 909dc624c82bc3c89a0b46ee49fc080f\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_amd64.deb\n Size/MD5: 648816 9c4f1dbc90f19b95970d601d05ebf72b\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_amd64.deb\n Size/MD5: 78984 ea5c07bc1f8cc794416c93e05b4f4815\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_i386.deb\n Size/MD5: 839500 f428fc3b2317229955ebf3145bd8b1ef\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_i386.deb\n Size/MD5: 102844 5abd270a2f436fd79d5fa021ed0a75a2\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_i386.deb\n Size/MD5: 52354 58e6cec2618c530ae21ca02fb009da06\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_i386.deb\n Size/MD5: 42614 9370944020717ba5be753fe28ab981d0\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_i386.deb\n Size/MD5: 25050 57ac26b842693f33b609ea6d6ced073b\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_i386.deb\n Size/MD5: 143622 9f476e4d71f8693f39e73e76c9a65d3c\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_i386.deb\n Size/MD5: 190086 b40f870abc3aa6f6b8203de269e88d93\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_i386.deb\n Size/MD5: 623310 43c9e0e5063794de8b008a567dd48545\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_i386.deb\n Size/MD5: 73692 d5434601a4e7ef66297888f349217a1f\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_lpia.deb\n Size/MD5: 859546 59e85a8660b8972ffac2b9964be303bd\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_lpia.deb\n Size/MD5: 103834 2dd93fcfeb085ad2d2ebbf2631b094e9\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_lpia.deb\n Size/MD5: 52614 bfa697640e43ddb7314d66f7107e021f\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_lpia.deb\n Size/MD5: 43048 f1173347bdf4b450a9058f558a0e98e0\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_lpia.deb\n Size/MD5: 24792 2f1a32e1c3062d9ff8ad2bac1a89a5e2\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_lpia.deb\n Size/MD5: 145068 e079cb3940740d3866454898c7a635ba\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_lpia.deb\n Size/MD5: 191294 c0083aef2f0adfc21064be2f95f6316d\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_lpia.deb\n Size/MD5: 637232 bff9ecff5a68a668e00a2c0bab55b290\n http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_lpia.deb\n Size/MD5: 74708 14d03ac4f0abc79bb2b7696776db9362\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_powerpc.deb\n Size/MD5: 956836 642c3332a4295161be0729b72f6ccfb0\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_powerpc.deb\n Size/MD5: 115792 671359d71e699df8ef011ef9b1b97e13\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_powerpc.deb\n Size/MD5: 58464 118f2e096f121fb43ad8a287335f5892\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_powerpc.deb\n Size/MD5: 46142 60ec3d227164cb4f52531bf0d0d94a71\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_powerpc.deb\n Size/MD5: 28862 cf22690c891eaf82c9587faff7e7aec1\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_powerpc.deb\n Size/MD5: 152744 fef8f36a164ceb3a425882cc697d9cad\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_powerpc.deb\n Size/MD5: 209554 7c20fafa41749c91709a2c925844cad1\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_powerpc.deb\n Size/MD5: 683376 5c9e55ebefa5e5dfabbd72787bf5b7bb\n http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_powerpc.deb\n Size/MD5: 94454 50f79c3f37ccade2e26ac5f01fedb367\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_sparc.deb\n Size/MD5: 859950 ca8b01d58970c27729fb9311f7706611\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_sparc.deb\n Size/MD5: 104158 a60feaf9f57f703ae37d4587071e10e3\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_sparc.deb\n Size/MD5: 51408 3a832dd5583a5ebdca67fb868b774f46\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_sparc.deb\n Size/MD5: 42008 563aa6cce06916284a5bbccc8f9a4a2a\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_sparc.deb\n Size/MD5: 23902 dbda45ef43ff352439a2595766a8725f\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_sparc.deb\n Size/MD5: 145340 fcacd993458d4e16e4104b1c2fef74b5\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_sparc.deb\n Size/MD5: 193258 872f6f3ef8af1a386100f929342c23f3\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_sparc.deb\n Size/MD5: 631572 31bc91916469b6fee1e4ed2411b98c70\n http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_sparc.deb\n Size/MD5: 72984 85a3e42acdf1819c8fc07053cb9012c3\n\nUpdated packages for Ubuntu 9.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.10.5-1ubuntu2.6.diff.gz\n Size/MD5: 22658 46a4434de1013ad6a1aedd7f83f4638e\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.10.5-1ubuntu2.6.dsc\n Size/MD5: 2319 cb6568c37577a77805a323102daf8cbe\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.10.5.orig.tar.gz\n Size/MD5: 1516687 125f671a19707861132fb03e73b61184\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_amd64.deb\n Size/MD5: 1000762 2511c181edee11136cd95f2fd8f7df4e\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_amd64.deb\n Size/MD5: 124320 8e44bb95aaf500ea3f5f2cfeda92c77b\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_amd64.deb\n Size/MD5: 64498 433f22fd427b85eda6c6f79c093c7bf4\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_amd64.deb\n Size/MD5: 51136 3fce9dd192f7cf72beb2a462b78a045f\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_amd64.deb\n Size/MD5: 26084 40b1eb43d7c31c344ee807f67b56405a\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_amd64.deb\n Size/MD5: 166096 856ebcf506dfe1e6f73a16d039683576\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_amd64.deb\n Size/MD5: 235030 001590442c32e9d44d12c708cb484a34\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_amd64.deb\n Size/MD5: 715688 100b06d8f1c178b74a72627c1293a99d\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_amd64.deb\n Size/MD5: 3191282 9fad2dc154e6816007978eecba272f98\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_amd64.deb\n Size/MD5: 80310 e6f5e58168c6548ee953afc2f2e198e2\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_i386.deb\n Size/MD5: 939116 1a637f61cc6980c737f0485fc2ee9d46\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_i386.deb\n Size/MD5: 118186 be93a766d70095e2b904e8a1059c1ea9\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_i386.deb\n Size/MD5: 61432 b48d904620036b494dae30f846757933\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_i386.deb\n Size/MD5: 48108 502e462be767601fd4f37278ff6fb0c9\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_i386.deb\n Size/MD5: 25400 0d97956139ca4df762ff50924775c7ee\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_i386.deb\n Size/MD5: 164406 c48888d902bace1af6f9568bc7d11781\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_i386.deb\n Size/MD5: 219842 642d8bf864daa53baa9aba14ef1d8e8d\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_i386.deb\n Size/MD5: 687198 ebd3b55dd94130e8031fce6fdd9c2977\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_i386.deb\n Size/MD5: 3106210 be7d517d3130e27b75b778b1fafab2c2\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_i386.deb\n Size/MD5: 75150 842cb849ecdc92162f1ef0645a89694a\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_lpia.deb\n Size/MD5: 951712 5833f800109087edef20d0d2e043a2a0\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_lpia.deb\n Size/MD5: 118064 f415be637dbb5991ce0cf7d4bc62b9b7\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_lpia.deb\n Size/MD5: 61512 247589fb21e89512e10055a39cdef0c0\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_lpia.deb\n Size/MD5: 48234 53a1552904e2243babf5b4480f4e39d2\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_lpia.deb\n Size/MD5: 25090 fe55913c8f07a2d573d202669dd1697e\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_lpia.deb\n Size/MD5: 164652 37ca1c8caa83a03a65f2d24d4f7576bb\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_lpia.deb\n Size/MD5: 220064 5d8c233389507dc10c6830ab35ab31e4\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_lpia.deb\n Size/MD5: 698034 6b6e1e71dc2b4d73ce5d91ab18ed1434\n http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_lpia.deb\n Size/MD5: 3141000 792164965ecec628891930c15056146e\n http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_lpia.deb\n Size/MD5: 75852 566179c180af7420345a59aef66d20ab\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_powerpc.deb\n Size/MD5: 1067816 72f7c6c253c7a0d6de9572a45b766bea\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_powerpc.deb\n Size/MD5: 132060 05faca87e109c1c75a82a458b2d23949\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_powerpc.deb\n Size/MD5: 69138 2c877d50106cacbfa82cb9e60e572e7e\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_powerpc.deb\n Size/MD5: 51250 377d0b6a2fb986aafde1ee9f8045e04a\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_powerpc.deb\n Size/MD5: 28790 9a4a744f8bbaee83ab3e0d624425dda3\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_powerpc.deb\n Size/MD5: 170364 ce061c2566a07dd3c159a23d66d829fc\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_powerpc.deb\n Size/MD5: 239232 b223e0531752af48a78b9feb2964e77a\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_powerpc.deb\n Size/MD5: 751112 72ec27c3cfa98ec9c51e1735b233d70a\n http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_powerpc.deb\n Size/MD5: 3289146 731cdf54cada7da65a2a3c939df59f93\n http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_powerpc.deb\n Size/MD5: 92846 b62d9487645a67d4c892c3671a75e05c\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_sparc.deb\n Size/MD5: 958890 6948353f591647da86e316845ec8f9eb\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_sparc.deb\n Size/MD5: 120824 6ff59a3bbd4a9b425ef23110a76c4298\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_sparc.deb\n Size/MD5: 61180 2cc5e6f027e76b607defdc9a797fea4d\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_sparc.deb\n Size/MD5: 47586 c343721df8aec6efa801c42368c65187\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_sparc.deb\n Size/MD5: 24302 829a6fd6cb43629453b0d03abb134c74\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_sparc.deb\n Size/MD5: 165794 e2baae9323c3dc1bfd4c7a5188b876a4\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_sparc.deb\n Size/MD5: 227060 24c905d2bf65312b9654f3a8c3ff1b85\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_sparc.deb\n Size/MD5: 699612 e891d015a5e9f4a06c62330ae13ad8ff\n http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_sparc.deb\n Size/MD5: 3054006 65d02dc72ebedeee044492a0d54a7c9b\n http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_sparc.deb\n Size/MD5: 75462 14106f64edcc64399c73cecfffe82660\n\nUpdated packages for Ubuntu 9.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0-0ubuntu2.3.diff.gz\n Size/MD5: 16162 e2f7027909f54a82d3b05a5dab49bfe3\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0-0ubuntu2.3.dsc\n Size/MD5: 2333 0ca7e3c51f46e811ab8b764d19735017\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0.orig.tar.gz\n Size/MD5: 1595424 399b25d9d71ad22bc9a2a9281769c49c\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.3_amd64.deb\n Size/MD5: 1051980 811eb825ef2a4a35a2737c7cc8f7dc18\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.3_amd64.deb\n Size/MD5: 147620 0df853686d2bde4d3251e2034d4aaca4\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.3_amd64.deb\n Size/MD5: 75082 66a4118be485eca8c0d64bcb507d95fe\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.3_amd64.deb\n Size/MD5: 56040 9aa3e75a67f5b3325354e0cd0783b4eb\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.3_amd64.deb\n Size/MD5: 26016 ab04a30595e5e10a8ea324ce5429859d\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.3_amd64.deb\n Size/MD5: 169758 a0feabc74a20a921577bb14b328f4f08\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.3_amd64.deb\n Size/MD5: 246134 66b67de914b70e969cef45ad38be8350\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.3_amd64.deb\n Size/MD5: 758072 3759109d011266b2f989d6d4b9c700f8\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.3_amd64.deb\n Size/MD5: 3352576 018f3529b1b4b66eb8fce6446e151276\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.3_amd64.deb\n Size/MD5: 84178 3242ad6a0e40ac5017b25f252026b4ec\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.3_i386.deb\n Size/MD5: 989400 4c6f5530a2751fbef0c4cf2b91c0a450\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.3_i386.deb\n Size/MD5: 140982 8b2732a5ee3087e754cfbc8a311508a9\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.3_i386.deb\n Size/MD5: 72374 9dafd2e2f353b30269b61184d8a05a73\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.3_i386.deb\n Size/MD5: 53740 92abc5198ae95accc2a9c04535a12e74\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.3_i386.deb\n Size/MD5: 25630 9ed21683dc9ce42230357a75c9f8efaf\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.3_i386.deb\n Size/MD5: 166244 5407024e0fbca9ca17cf31784689f530\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.3_i386.deb\n Size/MD5: 231402 085ad28bb8f30fb81c922bdf98461f62\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.3_i386.deb\n Size/MD5: 725946 56e85e5a60eded5dd71286df5afcddad\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.3_i386.deb\n Size/MD5: 3273936 4900c20227ee15c570803e0a5ea2380e\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.3_i386.deb\n Size/MD5: 80140 8397685b99e33d2295945e01b5a9c5a9\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.3_sparc.deb\n Size/MD5: 1024116 82f69ec56049caaaa2e6d6ddfbcf38e9\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.3_sparc.deb\n Size/MD5: 145452 ca9c8d859dd2c259254c1015c8150e7c\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.3_sparc.deb\n Size/MD5: 73070 93faf777eb853626a8021a4fdf951ae0\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.3_sparc.deb\n Size/MD5: 53314 f04f80d8c690dd8eed9f2d8629b82ab6\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.3_sparc.deb\n Size/MD5: 24216 5597f9b407ed6e297dfb60495a926835\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.3_sparc.deb\n Size/MD5: 168690 d5f6fc3fd30c50549a0425684be4456f\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.3_sparc.deb\n Size/MD5: 244286 73acb1d168e1b946fc0ab87e52a98d2b\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.3_sparc.deb\n Size/MD5: 749218 e362ac899fed10132a24579c856392bf\n http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.3_sparc.deb\n Size/MD5: 3243524 b3809cb3b43f6c6fcbf78e5f195454b8\n http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.3_sparc.deb\n Size/MD5: 80606 84e09ef47c3a62d374f7d72d077857f7\n\nUpdated packages for Ubuntu 10.04 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.4-0ubuntu5.1.diff.gz\n Size/MD5: 36586 3c8f46489d270a6553c603f1bf42df61\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.4-0ubuntu5.1.dsc\n Size/MD5: 2321 6309c218890373f2d2f3829083f1e14e\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.4.orig.tar.gz\n Size/MD5: 1674400 4155346f9369b192569ce9184ff73e43\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_amd64.deb\n Size/MD5: 1057464 02cfbb58b185dce47f79752bc448ecfb\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_amd64.deb\n Size/MD5: 153226 6a1cd66dad1f036c916834a9bee5290e\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_amd64.deb\n Size/MD5: 79122 fc4779709ed8b692f9debc48054dcf66\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_amd64.deb\n Size/MD5: 56012 6c389ff1ec4144b526b34e3df0390361\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_amd64.deb\n Size/MD5: 26902 e4f305ff49b07e2d4266f3c23b737328\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_amd64.deb\n Size/MD5: 172296 6a277bb044e8bddf0b7211ef4f201e8a\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_amd64.deb\n Size/MD5: 252048 07a540e9727055ad6ea3af4805ca02f4\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_amd64.deb\n Size/MD5: 762152 b900a754d1f4fd137a984a5d9a428b49\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_amd64.deb\n Size/MD5: 3392098 40b5213d5c65333912cb2a6837cb8155\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_amd64.deb\n Size/MD5: 84984 222e314966329a71370119194760f289\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_i386.deb\n Size/MD5: 994314 0cf46cddcca262acb400301c6ccfadcf\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_i386.deb\n Size/MD5: 146050 ecfd6621c0c8125575908fce67e87037\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_i386.deb\n Size/MD5: 75926 9460e967f9ea99f6e52cea7b82794cf1\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_i386.deb\n Size/MD5: 53792 094890d2058126fad34a2a9f1b74a9fe\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_i386.deb\n Size/MD5: 26526 ae6f93323c82c1d452e81335025c4677\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_i386.deb\n Size/MD5: 169754 b69d20dacb024e9412954289e62606e5\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_i386.deb\n Size/MD5: 237416 79df3cbaef280ae078fe5d90d1efeca6\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_i386.deb\n Size/MD5: 729896 ebd5b47847b7d4c2d6a7956d5f2b9c9c\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_i386.deb\n Size/MD5: 3308176 1901fd74a67d54354fc37140a3820651\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_i386.deb\n Size/MD5: 80940 24c64a45a096f19bc5e29ac070570932\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_powerpc.deb\n Size/MD5: 1139050 391b272517bddffbfecbbc91a43b7f96\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_powerpc.deb\n Size/MD5: 160174 5e5fbf2fdbf5007373e8f76a762b875d\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_powerpc.deb\n Size/MD5: 83092 96d39f59f5dbb721fc5bbd370f0b3540\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_powerpc.deb\n Size/MD5: 57086 00f8a4e9617f841bd90e57d2835311f4\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_powerpc.deb\n Size/MD5: 27700 b373ca19c5ec767a6398dffc9bedd553\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_powerpc.deb\n Size/MD5: 174170 ff1770256477129693ba12fa671d00f2\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_powerpc.deb\n Size/MD5: 257882 c5a46d4e9d96ab2e705e5a538cf3731e\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_powerpc.deb\n Size/MD5: 802012 68d7baf4f9f6c09fbf4f1c0e382fa182\n http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_powerpc.deb\n Size/MD5: 3517048 e614b7e4a6a126f9b7dd67f6efefd117\n http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_powerpc.deb\n Size/MD5: 85044 6187f4e8bac574e941da55a6a69690af\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_sparc.deb\n Size/MD5: 1061366 41136167b401a0728acbcdb4019d10a9\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_sparc.deb\n Size/MD5: 152744 080f6cd7a3b25dafb7a859b7feb7095e\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_sparc.deb\n Size/MD5: 77452 04f109d31474b5aa18934e158adf6d62\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_sparc.deb\n Size/MD5: 54694 2300562f2a7cfb8d4a33f881332ace15\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_sparc.deb\n Size/MD5: 25448 53b2a8352578c81f64e8f4cab898007b\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_sparc.deb\n Size/MD5: 172760 f147f6913ced592759716f7b3df63af2\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_sparc.deb\n Size/MD5: 255112 3257864700e4387e8cf4e11e5f4aef4e\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_sparc.deb\n Size/MD5: 761444 626f9943c20f6c2f8cddfaed957e0251\n http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_sparc.deb\n Size/MD5: 3312976 945e1150e98d3545f2790ceaec85220f\n http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_sparc.deb\n Size/MD5: 82324 33c251009e49841c9ae76e74a1e4e559\n\nUpdated packages for Ubuntu 10.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.14.3-0ubuntu1.1.diff.gz\n Size/MD5: 14357 2913cf42deabe02923039b83f4d3a09b\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.14.3-0ubuntu1.1.dsc\n Size/MD5: 2426 d8addbeb6ab59e8dfeaab3262b4215e8\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.14.3.orig.tar.gz\n Size/MD5: 1791880 1024c608a8a7c1d6ec301bddf11f3af9\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp-dev_0.14.3-0ubuntu1.1_amd64.deb\n Size/MD5: 64468 6a423398bc892f513b2f38e2e3d5c602\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp0_0.14.3-0ubuntu1.1_amd64.deb\n Size/MD5: 31168 539169982c29fbd85ad92d3564b46332\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.14.3-0ubuntu1.1_amd64.deb\n Size/MD5: 1103468 a14ada191171b0af80c8ed455cc43602\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.14.3-0ubuntu1.1_amd64.deb\n Size/MD5: 165088 a094e30c378323c4e13fce76cb41eaef\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib5_0.14.3-0ubuntu1.1_amd64.deb\n Size/MD5: 83900 ba49980dc7ae19ec805f2d2e0a9dd341\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.14.3-0ubuntu1.1_amd64.deb\n Size/MD5: 59162 2e9264fd1688912c647a684349b04bc1\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.14.3-0ubuntu1.1_amd64.deb\n Size/MD5: 26422 f2e204b7a284aa1c7762671eb764f65f\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.14.3-0ubuntu1.1_amd64.deb\n Size/MD5: 175388 12fdd82ec02447154cb66ffee97eb6bd\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.14.3-0ubuntu1.1_amd64.deb\n Size/MD5: 262250 4b22149a50d268aff9c443f577272ec9\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler7_0.14.3-0ubuntu1.1_amd64.deb\n Size/MD5: 783016 b6a88c5290d6584cf118e03486ee5b28\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.14.3-0ubuntu1.1_amd64.deb\n Size/MD5: 3782700 92aaee73614843eb71a1e894d6e6b6db\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.14.3-0ubuntu1.1_amd64.deb\n Size/MD5: 84584 cff59800844c6d64d58481682d7096c2\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp-dev_0.14.3-0ubuntu1.1_i386.deb\n Size/MD5: 61226 2daec50e448a0023cefc89ecdac63e2f\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp0_0.14.3-0ubuntu1.1_i386.deb\n Size/MD5: 31404 ad307f5350fd07a9cc409f4e9e1a76a3\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.14.3-0ubuntu1.1_i386.deb\n Size/MD5: 1031432 cb1b0f48c777da1e83104a1f8a92850c\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.14.3-0ubuntu1.1_i386.deb\n Size/MD5: 156646 33c97aaca1542522ac44c0c2c1aa32f9\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib5_0.14.3-0ubuntu1.1_i386.deb\n Size/MD5: 80682 9c4b0a4534eb6719a7d9f974b2fc8b61\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.14.3-0ubuntu1.1_i386.deb\n Size/MD5: 56974 6d8a32bff9e98d95c8cf754c47aae4f6\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.14.3-0ubuntu1.1_i386.deb\n Size/MD5: 25986 ce814f61d00c0be09742cff50d691d1a\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.14.3-0ubuntu1.1_i386.deb\n Size/MD5: 172378 d6a441c24baa014e23428de75ee78913\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.14.3-0ubuntu1.1_i386.deb\n Size/MD5: 246084 0f3d944e284b2e96f78ff7c897d89310\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler7_0.14.3-0ubuntu1.1_i386.deb\n Size/MD5: 746296 c5b46a4f36381b2d6ac1f4cdc973a85d\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.14.3-0ubuntu1.1_i386.deb\n Size/MD5: 3694024 28b7b242f8fe4b6decc198ce2cddc5e4\n http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.14.3-0ubuntu1.1_i386.deb\n Size/MD5: 79640 326c2ea9f373fec8622ca654b942fee2\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-cpp-dev_0.14.3-0ubuntu1.1_powerpc.deb\n Size/MD5: 65034 e6fe859f3e6071f20f9cf880107c1f2e\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-cpp0_0.14.3-0ubuntu1.1_powerpc.deb\n Size/MD5: 32576 1923fe67aeb448dae67c0c3de7acad51\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.14.3-0ubuntu1.1_powerpc.deb\n Size/MD5: 1182088 7d90bf72cedc6ccda4da639e657ba3ec\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.14.3-0ubuntu1.1_powerpc.deb\n Size/MD5: 171878 728ed879151c66c82c09d074ca3d6b74\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib5_0.14.3-0ubuntu1.1_powerpc.deb\n Size/MD5: 88564 38714d7ad6697b4231e2c89c511195c4\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.14.3-0ubuntu1.1_powerpc.deb\n Size/MD5: 60498 2422b28c607abc4cf25388199ad89052\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.14.3-0ubuntu1.1_powerpc.deb\n Size/MD5: 27190 4e063517954ef91ae8ce1d959f939bad\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.14.3-0ubuntu1.1_powerpc.deb\n Size/MD5: 177264 79deabe8844ba4993b7643a846b6ba7f\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.14.3-0ubuntu1.1_powerpc.deb\n Size/MD5: 270448 a6924c87f821b74c9d9ef642d3182194\n http://ports.ubuntu.com/pool/main/p/poppler/libpoppler7_0.14.3-0ubuntu1.1_powerpc.deb\n Size/MD5: 822532 fded6e9509fb172ea0587cd536b8e24c\n http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.14.3-0ubuntu1.1_powerpc.deb\n Size/MD5: 3916390 bd49980f1d5fe6a419961106a2635ad6\n http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.14.3-0ubuntu1.1_powerpc.deb\n Size/MD5: 82814 8552bb3b2508b96a0c3a2be0b7a02f00\n\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: tetex security update\nAdvisory ID: RHSA-2012:1201-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-1201.html\nIssue date: 2012-08-23\nCVE Names: CVE-2010-2642 CVE-2010-3702 CVE-2010-3704 \n CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 \n CVE-2011-1553 CVE-2011-1554 \n=====================================================================\n\n1. Summary:\n\nUpdated tetex packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 5. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\n\n3. Description:\n\nteTeX is an implementation of TeX. TeX takes a text file and a set of\nformatting commands as input, and creates a typesetter-independent DeVice\nIndependent (DVI) file as output. \n\nteTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1\nfonts. The following issues affect t1lib code:\n\nTwo heap-based buffer overflow flaws were found in the way t1lib processed\nAdobe Font Metrics (AFM) files. (CVE-2010-2642,\nCVE-2011-0433)\n\nAn invalid pointer dereference flaw was found in t1lib. \n(CVE-2011-0764)\n\nA use-after-free flaw was found in t1lib. (CVE-2011-1553)\n\nAn off-by-one flaw was found in t1lib. (CVE-2011-1554)\n\nAn out-of-bounds memory read flaw was found in t1lib. A specially-crafted\nfont file could, when opened, cause teTeX to crash. (CVE-2011-1552)\n\nteTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)\nfile viewer, to allow adding images in PDF format to the generated PDF\ndocuments. The following issues affect Xpdf code:\n\nAn uninitialized pointer use flaw was discovered in Xpdf. If pdflatex was\nused to process a TeX document referencing a specially-crafted PDF file, it\ncould cause pdflatex to crash or, potentially, execute arbitrary code with\nthe privileges of the user running pdflatex. (CVE-2010-3702)\n\nAn array index error was found in the way Xpdf parsed PostScript Type 1\nfonts embedded in PDF documents. If pdflatex was used to process a TeX\ndocument referencing a specially-crafted PDF file, it could cause pdflatex\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running pdflatex. (CVE-2010-3704)\n\nRed Hat would like to thank the Evince development team for reporting\nCVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the\noriginal reporter of CVE-2010-2642. \n\nAll users of tetex are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference\n638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse()\n666318 - CVE-2010-2642 evince, t1lib: Heap based buffer overflow in DVI file AFM font parser\n679732 - CVE-2011-0433 evince, t1lib: Heap-based buffer overflow DVI file AFM font parser\n692853 - CVE-2011-1552 t1lib: invalid read crash via crafted Type 1 font\n692854 - CVE-2011-1553 t1lib: Use-after-free via crafted Type 1 font\n692856 - CVE-2011-1554 t1lib: Off-by-one via crafted Type 1 font\n692909 - CVE-2011-0764 t1lib: Invalid pointer dereference via crafted Type 1 font\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tetex-3.0-33.15.el5_8.1.src.rpm\n\ni386:\ntetex-3.0-33.15.el5_8.1.i386.rpm\ntetex-afm-3.0-33.15.el5_8.1.i386.rpm\ntetex-debuginfo-3.0-33.15.el5_8.1.i386.rpm\ntetex-doc-3.0-33.15.el5_8.1.i386.rpm\ntetex-dvips-3.0-33.15.el5_8.1.i386.rpm\ntetex-fonts-3.0-33.15.el5_8.1.i386.rpm\ntetex-latex-3.0-33.15.el5_8.1.i386.rpm\ntetex-xdvi-3.0-33.15.el5_8.1.i386.rpm\n\nx86_64:\ntetex-3.0-33.15.el5_8.1.x86_64.rpm\ntetex-afm-3.0-33.15.el5_8.1.x86_64.rpm\ntetex-debuginfo-3.0-33.15.el5_8.1.x86_64.rpm\ntetex-doc-3.0-33.15.el5_8.1.x86_64.rpm\ntetex-dvips-3.0-33.15.el5_8.1.x86_64.rpm\ntetex-fonts-3.0-33.15.el5_8.1.x86_64.rpm\ntetex-latex-3.0-33.15.el5_8.1.x86_64.rpm\ntetex-xdvi-3.0-33.15.el5_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/tetex-3.0-33.15.el5_8.1.src.rpm\n\ni386:\ntetex-3.0-33.15.el5_8.1.i386.rpm\ntetex-afm-3.0-33.15.el5_8.1.i386.rpm\ntetex-debuginfo-3.0-33.15.el5_8.1.i386.rpm\ntetex-doc-3.0-33.15.el5_8.1.i386.rpm\ntetex-dvips-3.0-33.15.el5_8.1.i386.rpm\ntetex-fonts-3.0-33.15.el5_8.1.i386.rpm\ntetex-latex-3.0-33.15.el5_8.1.i386.rpm\ntetex-xdvi-3.0-33.15.el5_8.1.i386.rpm\n\nia64:\ntetex-3.0-33.15.el5_8.1.ia64.rpm\ntetex-afm-3.0-33.15.el5_8.1.ia64.rpm\ntetex-debuginfo-3.0-33.15.el5_8.1.ia64.rpm\ntetex-doc-3.0-33.15.el5_8.1.ia64.rpm\ntetex-dvips-3.0-33.15.el5_8.1.ia64.rpm\ntetex-fonts-3.0-33.15.el5_8.1.ia64.rpm\ntetex-latex-3.0-33.15.el5_8.1.ia64.rpm\ntetex-xdvi-3.0-33.15.el5_8.1.ia64.rpm\n\nppc:\ntetex-3.0-33.15.el5_8.1.ppc.rpm\ntetex-afm-3.0-33.15.el5_8.1.ppc.rpm\ntetex-debuginfo-3.0-33.15.el5_8.1.ppc.rpm\ntetex-doc-3.0-33.15.el5_8.1.ppc.rpm\ntetex-dvips-3.0-33.15.el5_8.1.ppc.rpm\ntetex-fonts-3.0-33.15.el5_8.1.ppc.rpm\ntetex-latex-3.0-33.15.el5_8.1.ppc.rpm\ntetex-xdvi-3.0-33.15.el5_8.1.ppc.rpm\n\ns390x:\ntetex-3.0-33.15.el5_8.1.s390x.rpm\ntetex-afm-3.0-33.15.el5_8.1.s390x.rpm\ntetex-debuginfo-3.0-33.15.el5_8.1.s390x.rpm\ntetex-doc-3.0-33.15.el5_8.1.s390x.rpm\ntetex-dvips-3.0-33.15.el5_8.1.s390x.rpm\ntetex-fonts-3.0-33.15.el5_8.1.s390x.rpm\ntetex-latex-3.0-33.15.el5_8.1.s390x.rpm\ntetex-xdvi-3.0-33.15.el5_8.1.s390x.rpm\n\nx86_64:\ntetex-3.0-33.15.el5_8.1.x86_64.rpm\ntetex-afm-3.0-33.15.el5_8.1.x86_64.rpm\ntetex-debuginfo-3.0-33.15.el5_8.1.x86_64.rpm\ntetex-doc-3.0-33.15.el5_8.1.x86_64.rpm\ntetex-dvips-3.0-33.15.el5_8.1.x86_64.rpm\ntetex-fonts-3.0-33.15.el5_8.1.x86_64.rpm\ntetex-latex-3.0-33.15.el5_8.1.x86_64.rpm\ntetex-xdvi-3.0-33.15.el5_8.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2010-2642.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3702.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3704.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-0433.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-0764.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-1552.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-1553.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-1554.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFQNkf0XlSAg2UNWIIRAiQFAJ9WUAfXKk43rYvg+UYPr0aOZvojRgCeKWRl\nPAzUWlaBGi1pT+Kr2TaQk1E=\n=iYiF\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-3702"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002471"
},
{
"db": "BID",
"id": "43841"
},
{
"db": "VULHUB",
"id": "VHN-46307"
},
{
"db": "PACKETSTORM",
"id": "95788"
},
{
"db": "PACKETSTORM",
"id": "95792"
},
{
"db": "PACKETSTORM",
"id": "94635"
},
{
"db": "PACKETSTORM",
"id": "125234"
},
{
"db": "PACKETSTORM",
"id": "96881"
},
{
"db": "PACKETSTORM",
"id": "94989"
},
{
"db": "PACKETSTORM",
"id": "115842"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-46307",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-46307"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-3702",
"trust": 3.4
},
{
"db": "BID",
"id": "43845",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "43079",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2011-0230",
"trust": 2.5
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2010/10/04/6",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42691",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42357",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42141",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42397",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-2897",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-3097",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "41709",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002471",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201011-038",
"trust": 0.7
},
{
"db": "BID",
"id": "43841",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "95788",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "94989",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "96881",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "95792",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "115987",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "95787",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "95789",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-46307",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "94635",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125234",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "115842",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-46307"
},
{
"db": "BID",
"id": "43841"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002471"
},
{
"db": "PACKETSTORM",
"id": "95788"
},
{
"db": "PACKETSTORM",
"id": "95792"
},
{
"db": "PACKETSTORM",
"id": "94635"
},
{
"db": "PACKETSTORM",
"id": "125234"
},
{
"db": "PACKETSTORM",
"id": "96881"
},
{
"db": "PACKETSTORM",
"id": "94989"
},
{
"db": "PACKETSTORM",
"id": "115842"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-038"
},
{
"db": "NVD",
"id": "CVE-2010-3702"
}
]
},
"id": "VAR-201011-0178",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-46307"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T22:35:48.998000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "poppler-0.5.4-4.4.14.0.1.AXS3",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1272"
},
{
"title": "2136",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2136"
},
{
"title": "2138",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2138"
},
{
"title": "2139",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2139"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://poppler.freedesktop.org/"
},
{
"title": "RHSA-2010:0749",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0749.html"
},
{
"title": "RHSA-2010:0750",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0750.html"
},
{
"title": "RHSA-2010:0751",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0751.html"
},
{
"title": "RHSA-2010:0752",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0752.html"
},
{
"title": "RHSA-2010:0753",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0753.html"
},
{
"title": "RHSA-2010:0754",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0754.html"
},
{
"title": "RHSA-2010:0755",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0755.html"
},
{
"title": "RHSA-2010:0859",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0859.html"
},
{
"title": "cve_2010_3702_cve_2010",
"trust": 0.8,
"url": "http://blogs.sun.com/security/entry/cve_2010_3702_cve_2010"
},
{
"title": "download",
"trust": 0.8,
"url": "http://www.foolabs.com/xpdf/download.html"
},
{
"title": "xpdf-3.02pl5",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=35067"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002471"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-038"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-46307"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002471"
},
{
"db": "NVD",
"id": "CVE-2010-3702"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.securityfocus.com/bid/43845"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/43079"
},
{
"trust": 2.5,
"url": "http://www.vupen.com/english/advisories/2011/0230"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2010/dsa-2119"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2010/dsa-2135"
},
{
"trust": 2.0,
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf"
},
{
"trust": 2.0,
"url": "http://www.openoffice.org/security/cves/cve-2010-3702_cve-2010-3704.html"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2012-1201.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42141"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42357"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42397"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42691"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/2897"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/3097"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049392.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049523.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049545.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-november/050285.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-november/050390.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-november/050268.html"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:228"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:229"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:230"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:231"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:144"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0749.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0750.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0751.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0752.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0753.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0754.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0755.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0859.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-1005-1"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2010/10/04/6"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=595245"
},
{
"trust": 1.6,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.571720"
},
{
"trust": 1.1,
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch"
},
{
"trust": 1.0,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3702"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3702"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/41709"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3702"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3704"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=638960"
},
{
"trust": 0.3,
"url": "http://blogs.sun.com/security/entry/cve_2010_3702_cve_2010"
},
{
"trust": 0.3,
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473"
},
{
"trust": 0.3,
"url": "http://www.gnome.org/"
},
{
"trust": 0.3,
"url": "http://www.foolabs.com/xpdf/"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3704"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3703"
},
{
"trust": 0.1,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2010\u0026amp;m=slackware-security.571720"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3703"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/41709/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41709"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2010-0751.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/windows_insecure_library_loading/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/41709/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3702"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201402-17.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4035"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3704"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4035"
},
{
"trust": 0.1,
"url": "http://packages.debian.org/\u003cpkg\u003e"
},
{
"trust": 0.1,
"url": "http://security.debian.org/"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.14.3.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.14.3-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler7_0.14.3-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.14.3-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.14.3-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.10.5-1ubuntu2.6.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0-0ubuntu2.3.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0-0ubuntu2.3.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.14.3-0ubuntu1.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib5_0.14.3-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.14.3-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler7_0.14.3-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.10.5-1ubuntu2.6.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.4-0ubuntu5.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.14.3-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.6.4.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.14.3-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-cpp-dev_0.14.3-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.14.3-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-cpp0_0.14.3-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp0_0.14.3-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.6.4-1ubuntu3.5.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.14.3-0ubuntu1.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.1-0ubuntu7.8.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.14.3-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.14.3-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.4-0ubuntu5.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.14.3-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.10.5.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.14.3-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.14.3-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib5_0.14.3-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp-dev_0.14.3-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.14.3-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.14.3-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.1-0ubuntu7.8.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.4.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib5_0.14.3-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.14.3-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.14.3-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.6.4-1ubuntu3.5.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.14.3-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.14.3-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.14.3-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler7_0.14.3-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp-dev_0.14.3-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.14.3-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.1.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.14.3-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp0_0.14.3-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.14.3-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.14.3-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.14.3-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_i386.deb"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-0764.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1554"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-1552.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-3702.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0433"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-0433.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2642"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1553"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1552"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/knowledge/articles/11258"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-2642.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-3704.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-1554.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-1553.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0764"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-46307"
},
{
"db": "BID",
"id": "43841"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002471"
},
{
"db": "PACKETSTORM",
"id": "95788"
},
{
"db": "PACKETSTORM",
"id": "95792"
},
{
"db": "PACKETSTORM",
"id": "94635"
},
{
"db": "PACKETSTORM",
"id": "125234"
},
{
"db": "PACKETSTORM",
"id": "96881"
},
{
"db": "PACKETSTORM",
"id": "94989"
},
{
"db": "PACKETSTORM",
"id": "115842"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-038"
},
{
"db": "NVD",
"id": "CVE-2010-3702"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-46307"
},
{
"db": "BID",
"id": "43841"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002471"
},
{
"db": "PACKETSTORM",
"id": "95788"
},
{
"db": "PACKETSTORM",
"id": "95792"
},
{
"db": "PACKETSTORM",
"id": "94635"
},
{
"db": "PACKETSTORM",
"id": "125234"
},
{
"db": "PACKETSTORM",
"id": "96881"
},
{
"db": "PACKETSTORM",
"id": "94989"
},
{
"db": "PACKETSTORM",
"id": "115842"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-038"
},
{
"db": "NVD",
"id": "CVE-2010-3702"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-11-05T00:00:00",
"db": "VULHUB",
"id": "VHN-46307"
},
{
"date": "2010-10-07T00:00:00",
"db": "BID",
"id": "43841"
},
{
"date": "2010-12-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002471"
},
{
"date": "2010-11-12T22:29:38",
"db": "PACKETSTORM",
"id": "95788"
},
{
"date": "2010-11-12T22:38:03",
"db": "PACKETSTORM",
"id": "95792"
},
{
"date": "2010-10-12T05:59:55",
"db": "PACKETSTORM",
"id": "94635"
},
{
"date": "2014-02-18T01:18:49",
"db": "PACKETSTORM",
"id": "125234"
},
{
"date": "2010-12-21T18:39:25",
"db": "PACKETSTORM",
"id": "96881"
},
{
"date": "2010-10-19T23:48:05",
"db": "PACKETSTORM",
"id": "94989"
},
{
"date": "2012-08-24T01:19:13",
"db": "PACKETSTORM",
"id": "115842"
},
{
"date": "2010-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201011-038"
},
{
"date": "2010-11-05T18:00:05.017000",
"db": "NVD",
"id": "CVE-2010-3702"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-06T00:00:00",
"db": "VULHUB",
"id": "VHN-46307"
},
{
"date": "2015-04-13T21:29:00",
"db": "BID",
"id": "43841"
},
{
"date": "2011-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002471"
},
{
"date": "2020-12-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201011-038"
},
{
"date": "2024-11-21T01:19:25.627000",
"db": "NVD",
"id": "CVE-2010-3702"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201011-038"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xpdf and poppler Used in products such as PDF Parser Gfx::getPos Service disruption in functions (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002471"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201011-038"
}
],
"trust": 0.6
}
}
var-202108-1057
Vulnerability from variot
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. apple's iPadOS Integer overflow vulnerabilities exist in products from multiple vendors.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-21
https://security.gentoo.org/
Severity: High Title: Poppler: Arbitrary Code Execution Date: September 29, 2022 Bugs: #867958 ID: 202209-21
Synopsis
A vulnerability has been discovered in Poppler which could allow for arbitrary code execution.
Background
Poppler is a PDF rendering library based on the xpdf-3.0 code base.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/poppler < 22.09.0 >= 22.09.0
Description
Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details.
Workaround
Avoid opening untrusted PDFs.
Resolution
All Poppler users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-text/poppler-22.09.0"
References
[ 1 ] CVE-2021-30860 https://nvd.nist.gov/vuln/detail/CVE-2021-30860 [ 2 ] CVE-2022-38784 https://nvd.nist.gov/vuln/detail/CVE-2022-38784
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202209-21
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . Information about the security content is also available at https://support.apple.com/HT212804. CVE-2021-30860: The Citizen Lab
CUPS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A permissions issue existed. CVE-2021-30827: an anonymous researcher Entry added September 20, 2021
CUPS Available for: macOS Big Sur Impact: A local user may be able to read arbitrary files as root Description: This issue was addressed with improved checks. CVE-2021-30828: an anonymous researcher Entry added September 20, 2021
CUPS Available for: macOS Big Sur Impact: A local user may be able to execute arbitrary files Description: A URI parsing issue was addressed with improved parsing. CVE-2021-30829: an anonymous researcher Entry added September 20, 2021
curl Available for: macOS Big Sur Impact: curl could potentially reveal sensitive internal information to the server using a clear-text network protocol Description: A buffer overflow was addressed with improved input validation. CVE-2021-22925 Entry added September 20, 2021
CVMS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro Entry added September 20, 2021
FontParser Available for: macOS Big Sur Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab Entry added September 20, 2021
Gatekeeper Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc. CVE-2021-30847: Mike Zhang of Pangu Lab Entry added September 20, 2021
Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30830: Zweig of Kunlun Lab Entry added September 20, 2021
Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30865: Zweig of Kunlun Lab Entry added September 20, 2021
Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2021-30857: Zweig of Kunlun Lab Entry added September 20, 2021
Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2021-30859: Apple Entry added September 20, 2021
libexpat Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed by updating expat to version 2.4.1. CVE-2013-0340: an anonymous researcher Entry added September 20, 2021
Preferences Available for: macOS Big Sur Impact: An application may be able to access restricted files Description: A validation issue existed in the handling of symlinks. CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Entry added September 20, 2021
Sandbox Available for: macOS Big Sur Impact: A user may gain access to protected parts of the file system Description: An access issue was addressed with improved access restrictions. CVE-2021-30850: an anonymous researcher Entry added September 20, 2021
SMB Available for: macOS Big Sur Impact: A local user may be able to read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs Entry added September 20, 2021
SMB Available for: macOS Big Sur Impact: A remote attacker may be able to leak memory Description: A logic issue was addressed with improved state management. CVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs Entry added September 20, 2021
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A use after free issue was addressed with improved memory management. CVE-2021-30858: an anonymous researcher
Additional recognition
APFS We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc. for their assistance. Entry added September 20, 2021
App Support We would like to acknowledge @CodeColorist, an anonymous researcher for their assistance. Entry added September 20, 2021
CoreML We would like to acknowledge hjy79425575 working with Trend Micro Zero Day Initiative for their assistance. Entry added September 20, 2021
CUPS We would like to acknowledge an anonymous researcher for their assistance. Entry added September 20, 2021
Kernel We would like to acknowledge Anthony Steinhauser of Google's Safeside project for their assistance. Entry added September 20, 2021
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. Entry added September 20, 2021
smbx We would like to acknowledge Zhongcheng Li (CK01) for their assistance. Entry added September 20, 2021
Installation note:
This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p rhi/Bg/9GiqXl8sxPjDpATJqneZ1GcAxWxBZgkFrcLV/cMwrVqniWsOeVHqHjMSY eJUkGehUtKsYE0g8Uk0qJqOUl3dxxGJpIDytOQJB3TFdd1BpZSK/tOChVem1JV1B +CMhqDnmR/u7bLqfCr1p6J5QJNHjTjgBA4RthdzZZ52pLGql7/2qfaJwpeHkheS4 5EKmch8zh0CGRqrUTg1HgY67ierNsz47jIU6n7UeMwjskRU3xM9VqJ9s4eKGAtSv 4Ry16pv0xUZ4cmL5EiLm2/eFbY8ByCji7jYPP0POBO4l518TGpaX2PaZBP9v0rrD t6cPEZHnsRaZ49OYak6z9iA8teKGSs6aCMuzSxExvlT8+YySf1o1nefbRH/tZMfn bwSO0ZyPsS9WYyuG/zX08U3CKOTkjqhLaOwVwte+cAeg2QS85aa9XPMG6PKcpyfu R7auxS92+Dg+R+97dAsI9TprSutCTw4iY8lyK9MVJSnh+zQSZEihUh4EaSufTHRC NlOSHvsTfXqsHaeed6sVKyX4ADHCUvRbCCIrqJKUs6waNd2T2XF7SzvgTSDJMHU9 4AL/jpnltTjDJTtMO999VZKNzYurrGiHvBs5zHWr91+eaHW8YGdsDERsX3BFYLe3 85i+Yge0iXlP7mT32cWxIw4AWDFITFiHnmV1/cdsCd2GIkqkhFw= =9bjT -----END PGP SIGNATURE-----
. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1057",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.8"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.5.5"
},
{
"model": "iphone os",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.2"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.8"
},
{
"model": "poppler",
"scope": "lt",
"trust": 1.0,
"vendor": "freedesktop",
"version": "22.09.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "xpdf",
"scope": "lt",
"trust": 1.0,
"vendor": "xpdfreader",
"version": "4.04"
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "xpdf",
"scope": null,
"trust": 0.8,
"vendor": "glyph cog",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "poppler",
"scope": null,
"trust": 0.8,
"vendor": "freedesktop",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "7.6.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021228"
},
{
"db": "NVD",
"id": "CVE-2021-30860"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "164249"
},
{
"db": "PACKETSTORM",
"id": "164246"
},
{
"db": "PACKETSTORM",
"id": "164197"
},
{
"db": "PACKETSTORM",
"id": "164195"
},
{
"db": "PACKETSTORM",
"id": "164194"
},
{
"db": "PACKETSTORM",
"id": "164277"
},
{
"db": "PACKETSTORM",
"id": "164242"
}
],
"trust": 0.7
},
"cve": "CVE-2021-30860",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-30860",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-390593",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-30860",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-30860",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-30860",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-30860",
"trust": 0.8,
"value": "High"
},
{
"author": "VULHUB",
"id": "VHN-390593",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-30860",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390593"
},
{
"db": "VULMON",
"id": "CVE-2021-30860"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021228"
},
{
"db": "NVD",
"id": "CVE-2021-30860"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. apple\u0027s iPadOS Integer overflow vulnerabilities exist in products from multiple vendors.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202209-21\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Poppler: Arbitrary Code Execution\n Date: September 29, 2022\n Bugs: #867958\n ID: 202209-21\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nA vulnerability has been discovered in Poppler which could allow for\narbitrary code execution. \n\nBackground\n=========\nPoppler is a PDF rendering library based on the xpdf-3.0 code base. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-text/poppler \u003c 22.09.0 \u003e= 22.09.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Poppler. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n=========\nAvoid opening untrusted PDFs. \n\nResolution\n=========\nAll Poppler users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-text/poppler-22.09.0\"\n\nReferences\n=========\n[ 1 ] CVE-2021-30860\n https://nvd.nist.gov/vuln/detail/CVE-2021-30860\n[ 2 ] CVE-2022-38784\n https://nvd.nist.gov/vuln/detail/CVE-2022-38784\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202209-21\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212804. \nCVE-2021-30860: The Citizen Lab\n\nCUPS\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A permissions issue existed. \nCVE-2021-30827: an anonymous researcher\nEntry added September 20, 2021\n\nCUPS\nAvailable for: macOS Big Sur\nImpact: A local user may be able to read arbitrary files as root\nDescription: This issue was addressed with improved checks. \nCVE-2021-30828: an anonymous researcher\nEntry added September 20, 2021\n\nCUPS\nAvailable for: macOS Big Sur\nImpact: A local user may be able to execute arbitrary files\nDescription: A URI parsing issue was addressed with improved parsing. \nCVE-2021-30829: an anonymous researcher\nEntry added September 20, 2021\n\ncurl\nAvailable for: macOS Big Sur\nImpact: curl could potentially reveal sensitive internal information\nto the server using a clear-text network protocol\nDescription: A buffer overflow was addressed with improved input\nvalidation. \nCVE-2021-22925\nEntry added September 20, 2021\n\nCVMS\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro\nEntry added September 20, 2021\n\nFontParser\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted dfont file may lead to\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab\nEntry added September 20, 2021\n\nGatekeeper\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved checks. \nCVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc. \nCVE-2021-30847: Mike Zhang of Pangu Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30830: Zweig of Kunlun Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30865: Zweig of Kunlun Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2021-30857: Zweig of Kunlun Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2021-30859: Apple\nEntry added September 20, 2021\n\nlibexpat\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed by updating expat to version\n2.4.1. \nCVE-2013-0340: an anonymous researcher\nEntry added September 20, 2021\n\nPreferences\nAvailable for: macOS Big Sur\nImpact: An application may be able to access restricted files\nDescription: A validation issue existed in the handling of symlinks. \nCVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\nEntry added September 20, 2021\n\nSandbox\nAvailable for: macOS Big Sur\nImpact: A user may gain access to protected parts of the file system\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2021-30850: an anonymous researcher\nEntry added September 20, 2021\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs\nEntry added September 20, 2021\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to leak memory\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs\nEntry added September 20, 2021\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. \nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30858: an anonymous researcher\n\nAdditional recognition\n\nAPFS\nWe would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc. \nfor their assistance. \nEntry added September 20, 2021\n\nApp Support\nWe would like to acknowledge @CodeColorist, an anonymous researcher\nfor their assistance. \nEntry added September 20, 2021\n\nCoreML\nWe would like to acknowledge hjy79425575 working with Trend Micro\nZero Day Initiative for their assistance. \nEntry added September 20, 2021\n\nCUPS\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added September 20, 2021\n\nKernel\nWe would like to acknowledge Anthony Steinhauser of Google\u0027s Safeside\nproject for their assistance. \nEntry added September 20, 2021\n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \nEntry added September 20, 2021\n\nsmbx\nWe would like to acknowledge Zhongcheng Li (CK01) for their\nassistance. \nEntry added September 20, 2021\n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p\nrhi/Bg/9GiqXl8sxPjDpATJqneZ1GcAxWxBZgkFrcLV/cMwrVqniWsOeVHqHjMSY\neJUkGehUtKsYE0g8Uk0qJqOUl3dxxGJpIDytOQJB3TFdd1BpZSK/tOChVem1JV1B\n+CMhqDnmR/u7bLqfCr1p6J5QJNHjTjgBA4RthdzZZ52pLGql7/2qfaJwpeHkheS4\n5EKmch8zh0CGRqrUTg1HgY67ierNsz47jIU6n7UeMwjskRU3xM9VqJ9s4eKGAtSv\n4Ry16pv0xUZ4cmL5EiLm2/eFbY8ByCji7jYPP0POBO4l518TGpaX2PaZBP9v0rrD\nt6cPEZHnsRaZ49OYak6z9iA8teKGSs6aCMuzSxExvlT8+YySf1o1nefbRH/tZMfn\nbwSO0ZyPsS9WYyuG/zX08U3CKOTkjqhLaOwVwte+cAeg2QS85aa9XPMG6PKcpyfu\nR7auxS92+Dg+R+97dAsI9TprSutCTw4iY8lyK9MVJSnh+zQSZEihUh4EaSufTHRC\nNlOSHvsTfXqsHaeed6sVKyX4ADHCUvRbCCIrqJKUs6waNd2T2XF7SzvgTSDJMHU9\n4AL/jpnltTjDJTtMO999VZKNzYurrGiHvBs5zHWr91+eaHW8YGdsDERsX3BFYLe3\n85i+Yge0iXlP7mT32cWxIw4AWDFITFiHnmV1/cdsCd2GIkqkhFw=\n=9bjT\n-----END PGP SIGNATURE-----\n\n\n\n. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-30860"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021228"
},
{
"db": "VULHUB",
"id": "VHN-390593"
},
{
"db": "VULMON",
"id": "CVE-2021-30860"
},
{
"db": "PACKETSTORM",
"id": "168573"
},
{
"db": "PACKETSTORM",
"id": "164249"
},
{
"db": "PACKETSTORM",
"id": "164246"
},
{
"db": "PACKETSTORM",
"id": "164197"
},
{
"db": "PACKETSTORM",
"id": "164195"
},
{
"db": "PACKETSTORM",
"id": "164194"
},
{
"db": "PACKETSTORM",
"id": "164277"
},
{
"db": "PACKETSTORM",
"id": "164242"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-30860",
"trust": 3.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/09/02/11",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021228",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168573",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-390593",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-30860",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164249",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164246",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164197",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164195",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164194",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164277",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164242",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390593"
},
{
"db": "VULMON",
"id": "CVE-2021-30860"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021228"
},
{
"db": "PACKETSTORM",
"id": "168573"
},
{
"db": "PACKETSTORM",
"id": "164249"
},
{
"db": "PACKETSTORM",
"id": "164246"
},
{
"db": "PACKETSTORM",
"id": "164197"
},
{
"db": "PACKETSTORM",
"id": "164195"
},
{
"db": "PACKETSTORM",
"id": "164194"
},
{
"db": "PACKETSTORM",
"id": "164277"
},
{
"db": "PACKETSTORM",
"id": "164242"
},
{
"db": "NVD",
"id": "CVE-2021-30860"
}
]
},
"id": "VAR-202108-1057",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-390593"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T20:00:22.460000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT212807 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://www.freedesktop.org/wiki/"
},
{
"title": "Table of Contents\nTools\nEducational\nSimilar Lists\nContributing",
"trust": 0.1,
"url": "https://github.com/ex0dus-0x/awesome-rust-security "
},
{
"title": "CVE-2021-30860",
"trust": 0.1,
"url": "https://github.com/Levilutz/CVE-2021-30860 "
},
{
"title": "Gex is an iOS 14.7 jailbreak using CVE-2021-30807 IOMFB \u0026 CVE-2021-30860 exploit(s)",
"trust": 0.1,
"url": "https://github.com/30440r/gex "
},
{
"title": "ELEGANTBOUNCER",
"trust": 0.1,
"url": "https://github.com/msuiche/elegant-bouncer "
},
{
"title": "https://github.com/octane23/CASE-STUDY-1",
"trust": 0.1,
"url": "https://github.com/octane23/CASE-STUDY-1 "
},
{
"title": "https://github.com/houjingyi233/macOS-iOS-system-security",
"trust": 0.1,
"url": "https://github.com/houjingyi233/macOS-iOS-system-security "
},
{
"title": "https://github.com/houjingyi233/macos-ios-exploit-writeup",
"trust": 0.1,
"url": "https://github.com/houjingyi233/macos-ios-exploit-writeup "
},
{
"title": "CVE-T4PDF\nTable of contents\nList of CVEs\nList of Techniques",
"trust": 0.1,
"url": "https://github.com/0xCyberY/CVE-T4PDF "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/soosmile/POC "
},
{
"title": "Known Exploited Vulnerabilities Detector",
"trust": 0.1,
"url": "https://github.com/Ostorlab/KEV "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2021/12/17/cyber_spying_firms_facebook_meta/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2021/09/13/apple_ios_macos_security_fixes/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2022/04/20/google_zero_days/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2022/02/11/apple_emergency_webkit/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-30860"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021228"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.1
},
{
"problemtype": "Integer overflow or wraparound (CWE-190) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390593"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021228"
},
{
"db": "NVD",
"id": "CVE-2021-30860"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://security.gentoo.org/glsa/202209-21"
},
{
"trust": 2.0,
"url": "http://seclists.org/fulldisclosure/2021/sep/25"
},
{
"trust": 2.0,
"url": "http://seclists.org/fulldisclosure/2021/sep/26"
},
{
"trust": 2.0,
"url": "http://seclists.org/fulldisclosure/2021/sep/27"
},
{
"trust": 2.0,
"url": "http://seclists.org/fulldisclosure/2021/sep/28"
},
{
"trust": 2.0,
"url": "http://seclists.org/fulldisclosure/2021/sep/38"
},
{
"trust": 2.0,
"url": "http://seclists.org/fulldisclosure/2021/sep/39"
},
{
"trust": 2.0,
"url": "http://seclists.org/fulldisclosure/2021/sep/40"
},
{
"trust": 2.0,
"url": "http://seclists.org/fulldisclosure/2021/sep/50"
},
{
"trust": 2.0,
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30860"
},
{
"trust": 1.3,
"url": "https://support.apple.com/en-us/ht212807"
},
{
"trust": 1.2,
"url": "https://support.apple.com/kb/ht212824"
},
{
"trust": 1.2,
"url": "https://support.apple.com/en-us/ht212804"
},
{
"trust": 1.2,
"url": "https://support.apple.com/en-us/ht212805"
},
{
"trust": 1.2,
"url": "https://support.apple.com/en-us/ht212806"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"trust": 0.7,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.7,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0340"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30841"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30855"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30843"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30859"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30857"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30842"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30830"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30832"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30828"
},
{
"trust": 0.2,
"url": "https://support.apple.com/ht212805."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30844"
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30829"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30850"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30865"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30827"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30847"
},
{
"trust": 0.2,
"url": "https://support.apple.com/ht212807."
},
{
"trust": 0.2,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"trust": 0.1,
"url": "https://github.com/ex0dus-0x/awesome-rust-security"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38784"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30783"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30713"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30835"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30853"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30845"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212804."
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212806."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30869"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212824."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390593"
},
{
"db": "VULMON",
"id": "CVE-2021-30860"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021228"
},
{
"db": "PACKETSTORM",
"id": "168573"
},
{
"db": "PACKETSTORM",
"id": "164249"
},
{
"db": "PACKETSTORM",
"id": "164246"
},
{
"db": "PACKETSTORM",
"id": "164197"
},
{
"db": "PACKETSTORM",
"id": "164195"
},
{
"db": "PACKETSTORM",
"id": "164194"
},
{
"db": "PACKETSTORM",
"id": "164277"
},
{
"db": "PACKETSTORM",
"id": "164242"
},
{
"db": "NVD",
"id": "CVE-2021-30860"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-390593"
},
{
"db": "VULMON",
"id": "CVE-2021-30860"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021228"
},
{
"db": "PACKETSTORM",
"id": "168573"
},
{
"db": "PACKETSTORM",
"id": "164249"
},
{
"db": "PACKETSTORM",
"id": "164246"
},
{
"db": "PACKETSTORM",
"id": "164197"
},
{
"db": "PACKETSTORM",
"id": "164195"
},
{
"db": "PACKETSTORM",
"id": "164194"
},
{
"db": "PACKETSTORM",
"id": "164277"
},
{
"db": "PACKETSTORM",
"id": "164242"
},
{
"db": "NVD",
"id": "CVE-2021-30860"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-390593"
},
{
"date": "2021-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30860"
},
{
"date": "2024-07-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-021228"
},
{
"date": "2022-09-30T14:56:06",
"db": "PACKETSTORM",
"id": "168573"
},
{
"date": "2021-09-22T16:35:10",
"db": "PACKETSTORM",
"id": "164249"
},
{
"date": "2021-09-22T16:33:18",
"db": "PACKETSTORM",
"id": "164246"
},
{
"date": "2021-09-19T18:11:11",
"db": "PACKETSTORM",
"id": "164197"
},
{
"date": "2021-09-18T18:22:22",
"db": "PACKETSTORM",
"id": "164195"
},
{
"date": "2021-09-18T13:22:22",
"db": "PACKETSTORM",
"id": "164194"
},
{
"date": "2021-09-24T15:40:03",
"db": "PACKETSTORM",
"id": "164277"
},
{
"date": "2021-09-22T16:30:10",
"db": "PACKETSTORM",
"id": "164242"
},
{
"date": "2021-08-24T19:15:14.370000",
"db": "NVD",
"id": "CVE-2021-30860"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-30T00:00:00",
"db": "VULHUB",
"id": "VHN-390593"
},
{
"date": "2024-02-02T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30860"
},
{
"date": "2024-07-19T07:32:00",
"db": "JVNDB",
"id": "JVNDB-2021-021228"
},
{
"date": "2024-02-02T03:08:54.213000",
"db": "NVD",
"id": "CVE-2021-30860"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "apple\u0027s \u00a0iPadOS\u00a0 Integer overflow vulnerability in products from multiple vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021228"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow, code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "164249"
},
{
"db": "PACKETSTORM",
"id": "164246"
},
{
"db": "PACKETSTORM",
"id": "164197"
},
{
"db": "PACKETSTORM",
"id": "164195"
},
{
"db": "PACKETSTORM",
"id": "164194"
},
{
"db": "PACKETSTORM",
"id": "164277"
},
{
"db": "PACKETSTORM",
"id": "164242"
}
],
"trust": 0.7
}
}
var-200707-0577
Vulnerability from variot
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. KDE kpdf, kword, and xpdf are prone to a stack-based buffer-overflow vulnerability because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application or cause the affected application to crash, denying service to legitimate users.
For the oldstable distribution (sarge) this problem has been fixed in version 0.4.2-2sarge6.
The stable distribution (etch) isn't affected by this problem.
The unstable distribution (sid) isn't affected by this problem.
Upgrade Instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge6.dsc
Size/MD5 checksum: 778 fbcbd62c772674dc96a26373e5aa6e01
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge6.diff.gz
Size/MD5 checksum: 9063 bb026f68189fd93686e5fd94b6cda88e
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2.orig.tar.gz
Size/MD5 checksum: 5887095 d99e1b13a017d39700e376a0edbf7ba2
Alpha architecture:
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_alpha.deb
Size/MD5 checksum: 19690 01b435b2688d03f3459c79526954925c
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_alpha.deb
Size/MD5 checksum: 5810714 dd23f39e0b388296b1fc271739712ebe
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_alpha.deb
Size/MD5 checksum: 19484 7f05a34e53fd43830028912e14d2328f
AMD64 architecture:
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_amd64.deb
Size/MD5 checksum: 18346 b0630efe8af750547c51f18e2b37e56c
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_amd64.deb
Size/MD5 checksum: 5641608 6cc4c3570ed2c3319944d2dadeb32df2
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_amd64.deb
Size/MD5 checksum: 17618 b03292795065cdd0c9444343f216a058
ARM architecture:
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_arm.deb
Size/MD5 checksum: 17726 b7d8e767fdec15d9f1dd42a4d287d093
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_arm.deb
Size/MD5 checksum: 5710926 010de9d5ca245ecde20850f2077ec525
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_arm.deb
Size/MD5 checksum: 17034 70da5564ca690372c8ff2f920e3145e7
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_i386.deb
Size/MD5 checksum: 17870 34c81aebd99358f6a6668e6a6e766dcf
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_i386.deb
Size/MD5 checksum: 5713546 59647b99f778803ae7dd04b8a3ef4f69
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_i386.deb
Size/MD5 checksum: 16796 f6a61702be519be0de6ba5254a8d2bc1
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_ia64.deb
Size/MD5 checksum: 20664 abbab8aca9823e749ce8f56ba180605a
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_ia64.deb
Size/MD5 checksum: 5905678 6c4fae9ee6f98f8a2b04dfc8bb1e6c77
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_ia64.deb
Size/MD5 checksum: 19402 7217989cd00aa203703636a12b73ef1c
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_m68k.deb
Size/MD5 checksum: 17432 ad4ed814052b2b16a980916e8c26b4d5
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_m68k.deb
Size/MD5 checksum: 5708490 4456e64e983995cdaada1b8003b87de9
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_m68k.deb
Size/MD5 checksum: 16664 8d0a17ffea00ef3a8dd84ad1ef751382
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_mips.deb
Size/MD5 checksum: 18672 ca896e1b783faaa7fd4f0b16bd5b679f
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_mips.deb
Size/MD5 checksum: 5729468 b4369a7e90e9378aaf16c22e6ee8ba23
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_mips.deb
Size/MD5 checksum: 17960 adf6c5dadd298f2cbfb129b329cbd396
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_mipsel.deb
Size/MD5 checksum: 18720 24b4c8c7394ca7600b5d56ff6756ced0
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_mipsel.deb
Size/MD5 checksum: 5727182 0d3c4b40711cd5ff424d9c3509abc959
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_mipsel.deb
Size/MD5 checksum: 17990 2bfd506c4227ba2b51128ed229d05737
PowerPC architecture:
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_powerpc.deb
Size/MD5 checksum: 19840 965842771a493480a596d23219240384
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_powerpc.deb
Size/MD5 checksum: 5678172 d9b4e7d752db6ca53ce6adddd1c8963b
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_powerpc.deb
Size/MD5 checksum: 17802 9d4275a87460db16bf31e112f8a7be72
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_s390.deb
Size/MD5 checksum: 18220 218a8b4f648ee49543981dd7a418a86b
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_s390.deb
Size/MD5 checksum: 5768298 367428e42de8d1af622d02d64f4fb027
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_s390.deb
Size/MD5 checksum: 18166 98cb43003a7a95dbfd121cf615f73bc8
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_sparc.deb
Size/MD5 checksum: 17728 f9220d2e7654b273448c0880374f59d4
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_sparc.deb
Size/MD5 checksum: 5752498 5c5bcdf9c749506310e95137ae80550c
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_sparc.deb
Size/MD5 checksum: 16938 b90780181aeb323dbcc4dfa11db7bcd0
These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGti0iXm3vHE4uyloRAoudAJ9ZqS25gbz6VNY/oanVFFjCTMAm6QCgqNhx XHBRb5puYoKnbq+YL58W5Jc= =/7L0 -----END PGP SIGNATURE-----
.
TITLE: GNOME gpdf Xpdf Multiple Integer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA18375
VERIFY ADVISORY: http://secunia.com/advisories/18375/
CRITICAL: Moderately critical
IMPACT: DoS, System access
WHERE:
From remote
SOFTWARE: GNOME 2.x http://secunia.com/product/3277/
DESCRIPTION: Some vulnerabilities have been reported in GNOME gpdf, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.
The vulnerabilities are caused due to the use of a vulnerable version of Xpdf.
For more information: SA18303
SOLUTION: Restrict use to trusted PDF files only.
OTHER REFERENCES: SA18303: http://secunia.com/advisories/18303/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. ** REJECTED ** Do not use this application number. ConsultIDs: CVE-2007-3387. Reason: This application number is a duplicate of CVE-2007-3387. =========================================================== Ubuntu Security Notice USN-496-2 August 07, 2007 poppler vulnerability CVE-2007-3387 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: libpoppler1 0.5.1-0ubuntu7.2
Ubuntu 6.10: libpoppler1 0.5.4-0ubuntu4.2
Ubuntu 7.04: libpoppler1 0.5.4-0ubuntu8.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
USN-496-1 fixed a vulnerability in koffice. This update provides the corresponding updates for poppler, the library used for PDF handling in Gnome. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200709-17
http://security.gentoo.org/
Severity: Normal Title: teTeX: Multiple buffer overflows Date: September 27, 2007 Bugs: #170861, #182055, #188172 ID: 200709-17
Synopsis
Multiple vulnerabilities have been discovered in teTeX, allowing for user-assisted execution of arbitrary code.
Background
teTeX is a complete TeX distribution for editing documents.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/tetex < 3.0_p1-r4 >= 3.0_p1-r4
Description
Mark Richters discovered a buffer overflow in the open_sty() function in file mkind.c. Other vulnerabilities have also been discovered in the same file but might not be exploitable (CVE-2007-0650). Tetex also includes vulnerable code from GD library (GLSA 200708-05), and from Xpdf (CVE-2007-3387). In both cases, this could lead to the remote execution of arbitrary code with the privileges of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All teTeX users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/tetex-3.0_p1-r4"
References
[ 1 ] CVE-2007-0650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0650 [ 2 ] CVE-2007-3387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 [ 3 ] GLSA-200708-05 http://www.gentoo.org/security/en/glsa/glsa-200708-05.xml
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200709-17.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDKSA-2007:164 http://www.mandriva.com/security/
Package : tetex Date : August 14, 2007 Affected: 2007.0, 2007.1, Corporate 4.0
Problem Description:
Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files.
In addition, tetex contains an embedded copy of the GD library which suffers from a number of bugs which potentially lead to denial of service and possibly other issues. (CVE-2007-3472)
The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473)
Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3474)
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. (CVE-2007-3475)
Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. (CVE-2007-3476)
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. (CVE-2007-3477)
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. (CVE-2007-3478)
Updated packages have been patched to prevent these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3472 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3473 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3474 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3475 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3476 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3477 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3478
Updated Packages:
Mandriva Linux 2007.0: fb959e3f6f872b50954fa8da4fe3c419 2007.0/i586/jadetex-3.12-116.4mdv2007.0.i586.rpm 02e7b28c729ec9f57d5268daedee85e7 2007.0/i586/tetex-3.0-18.4mdv2007.0.i586.rpm 8b89557fbac6f6b37f78f2a2aee16569 2007.0/i586/tetex-afm-3.0-18.4mdv2007.0.i586.rpm f5169a380ec30b11a69b37c38e81555f 2007.0/i586/tetex-context-3.0-18.4mdv2007.0.i586.rpm f4dbfde981fd4658044222bc159ecd41 2007.0/i586/tetex-devel-3.0-18.4mdv2007.0.i586.rpm e0f85c8410194f78ba2aea95e4f9483b 2007.0/i586/tetex-doc-3.0-18.4mdv2007.0.i586.rpm 9753cb8ba53e41a19bdd46bd21d149e0 2007.0/i586/tetex-dvilj-3.0-18.4mdv2007.0.i586.rpm bf28b703c43dea8ddedd6b3dd31d6d4d 2007.0/i586/tetex-dvipdfm-3.0-18.4mdv2007.0.i586.rpm 456feadedb60e9b8f0fa653a4b8c242c 2007.0/i586/tetex-dvips-3.0-18.4mdv2007.0.i586.rpm 596d3a551105ed4ae7504069d97ea15b 2007.0/i586/tetex-latex-3.0-18.4mdv2007.0.i586.rpm 0fa6f2279adff2c0e49e021342684962 2007.0/i586/tetex-mfwin-3.0-18.4mdv2007.0.i586.rpm 4dfbc03ccff172c0031f3b66f49f2e67 2007.0/i586/tetex-texi2html-3.0-18.4mdv2007.0.i586.rpm 3fe94235dcf1d60559c5e22dcb661135 2007.0/i586/tetex-xdvi-3.0-18.4mdv2007.0.i586.rpm 50face08da8982afdcaa653c46d23893 2007.0/i586/xmltex-1.9-64.4mdv2007.0.i586.rpm 63549bc50b3b654e72be1947d1b3d79b 2007.0/SRPMS/tetex-3.0-18.4mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64: 3ba044a5b0cbd36b27fa8ebd60d51e8d 2007.0/x86_64/jadetex-3.12-116.4mdv2007.0.x86_64.rpm 94b050b17693804a81e68107b37aade8 2007.0/x86_64/tetex-3.0-18.4mdv2007.0.x86_64.rpm dca2d262c4345720681e776de7aaf3b5 2007.0/x86_64/tetex-afm-3.0-18.4mdv2007.0.x86_64.rpm 6387c4e3923b174732ea42e1c1961f31 2007.0/x86_64/tetex-context-3.0-18.4mdv2007.0.x86_64.rpm 9e31f83c40c6bf2bd0528fd8debc7da0 2007.0/x86_64/tetex-devel-3.0-18.4mdv2007.0.x86_64.rpm b61e81383f6becccb285e0e9e3c04fc8 2007.0/x86_64/tetex-doc-3.0-18.4mdv2007.0.x86_64.rpm ff32dc4e3ee6c9ce2e7160e0e2e8d000 2007.0/x86_64/tetex-dvilj-3.0-18.4mdv2007.0.x86_64.rpm d4bf450a8fc9da8d97cb03a5fd895e5d 2007.0/x86_64/tetex-dvipdfm-3.0-18.4mdv2007.0.x86_64.rpm 9bb0bb329efda5960b7c43cab4bb60a8 2007.0/x86_64/tetex-dvips-3.0-18.4mdv2007.0.x86_64.rpm a6e2b2af59a022db1ccc897d78fd3df1 2007.0/x86_64/tetex-latex-3.0-18.4mdv2007.0.x86_64.rpm 6fdee1957e97c37034bafd9546071553 2007.0/x86_64/tetex-mfwin-3.0-18.4mdv2007.0.x86_64.rpm a10d83249b768f676eabcbdc8d1def85 2007.0/x86_64/tetex-texi2html-3.0-18.4mdv2007.0.x86_64.rpm 71907f30dc7beb72245329e3df4f3d13 2007.0/x86_64/tetex-xdvi-3.0-18.4mdv2007.0.x86_64.rpm 824f5631d126e96851540ce059f378a6 2007.0/x86_64/xmltex-1.9-64.4mdv2007.0.x86_64.rpm 63549bc50b3b654e72be1947d1b3d79b 2007.0/SRPMS/tetex-3.0-18.4mdv2007.0.src.rpm
Mandriva Linux 2007.1: 81f9fad03bffde4848b2684b0beaf1be 2007.1/i586/jadetex-3.12-129.3mdv2007.1.i586.rpm 240f0698cc266be75607780ca95f7df9 2007.1/i586/tetex-3.0-31.3mdv2007.1.i586.rpm adaa2d6fa7128e0c1ef125c5b2a27bd1 2007.1/i586/tetex-afm-3.0-31.3mdv2007.1.i586.rpm 143aa48143998f5ffd5877fb348c06c3 2007.1/i586/tetex-context-3.0-31.3mdv2007.1.i586.rpm 3a3b1e82a1fb3e2260eeac49bd038d44 2007.1/i586/tetex-devel-3.0-31.3mdv2007.1.i586.rpm 98781fd21fae15a9d190387bb7c894fa 2007.1/i586/tetex-doc-3.0-31.3mdv2007.1.i586.rpm 162cc4138d291f34e17589dcbaf47e02 2007.1/i586/tetex-dvilj-3.0-31.3mdv2007.1.i586.rpm c290665965a32365750302b66998cf9c 2007.1/i586/tetex-dvipdfm-3.0-31.3mdv2007.1.i586.rpm 521a43054786848837cadf65d7373adb 2007.1/i586/tetex-dvips-3.0-31.3mdv2007.1.i586.rpm db59616b644d2d040bf20bba50b98a52 2007.1/i586/tetex-latex-3.0-31.3mdv2007.1.i586.rpm 42b078d4e8b5ecfa43cecd105cfd9973 2007.1/i586/tetex-mfwin-3.0-31.3mdv2007.1.i586.rpm d80a680507279c769af4eac68342779e 2007.1/i586/tetex-texi2html-3.0-31.3mdv2007.1.i586.rpm 6ad4a6a5df7c31302c0d8f0294b441fe 2007.1/i586/tetex-usrlocal-3.0-31.3mdv2007.1.i586.rpm a636c345e691cfcad8bb057aa724ca32 2007.1/i586/tetex-xdvi-3.0-31.3mdv2007.1.i586.rpm 81cb470114d43d4ba480c7ef38ad8f9b 2007.1/i586/xmltex-1.9-77.3mdv2007.1.i586.rpm 1fe7e7ec1366f1c03208b9acf2c6e4dc 2007.1/SRPMS/tetex-3.0-31.3mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64: 931bdcfab39b511372c0fe1667cdec9b 2007.1/x86_64/jadetex-3.12-129.3mdv2007.1.x86_64.rpm be2917b026909b9fe2d6f54425f0ae01 2007.1/x86_64/tetex-3.0-31.3mdv2007.1.x86_64.rpm 3927b9a088b3dbbb035ab504724224fa 2007.1/x86_64/tetex-afm-3.0-31.3mdv2007.1.x86_64.rpm 5e0dc9457f6e864bfd097e52540ca691 2007.1/x86_64/tetex-context-3.0-31.3mdv2007.1.x86_64.rpm c360e8b3bb98ee7f7467028038e97e1a 2007.1/x86_64/tetex-devel-3.0-31.3mdv2007.1.x86_64.rpm d48d985a35aa93c17c45349c28c0b243 2007.1/x86_64/tetex-doc-3.0-31.3mdv2007.1.x86_64.rpm eb67ec1e91e422ecfa36f1cbbac8971a 2007.1/x86_64/tetex-dvilj-3.0-31.3mdv2007.1.x86_64.rpm 851858c723458b732e522a3c0e61369c 2007.1/x86_64/tetex-dvipdfm-3.0-31.3mdv2007.1.x86_64.rpm a0eda317da29934a5633f42b177a530f 2007.1/x86_64/tetex-dvips-3.0-31.3mdv2007.1.x86_64.rpm 753c701f03329627fb9e39753981e843 2007.1/x86_64/tetex-latex-3.0-31.3mdv2007.1.x86_64.rpm d994a4854aba90786bbd9a4ec3c12019 2007.1/x86_64/tetex-mfwin-3.0-31.3mdv2007.1.x86_64.rpm e655586388e11bf71063402efc3a7753 2007.1/x86_64/tetex-texi2html-3.0-31.3mdv2007.1.x86_64.rpm 9d5f65b626bd71949a07e6c7431817e0 2007.1/x86_64/tetex-usrlocal-3.0-31.3mdv2007.1.x86_64.rpm 55315fd53192e1d99eee611c658d803e 2007.1/x86_64/tetex-xdvi-3.0-31.3mdv2007.1.x86_64.rpm 64af62bd89fcac2a4ffad45a8eae77d6 2007.1/x86_64/xmltex-1.9-77.3mdv2007.1.x86_64.rpm 1fe7e7ec1366f1c03208b9acf2c6e4dc 2007.1/SRPMS/tetex-3.0-31.3mdv2007.1.src.rpm
Corporate 4.0: ded203c11a86b123fb65dccf7ebefe7b corporate/4.0/i586/jadetex-3.12-110.6.20060mlcs4.i586.rpm 02ca90145d6b09cdd92bc9906a9dfa41 corporate/4.0/i586/tetex-3.0-12.6.20060mlcs4.i586.rpm 9af4a0c59bf34cb69ec03feeecc10b51 corporate/4.0/i586/tetex-afm-3.0-12.6.20060mlcs4.i586.rpm c4a7cdb06beb70e2652fee997cd5acd1 corporate/4.0/i586/tetex-context-3.0-12.6.20060mlcs4.i586.rpm 4d4e89d588e0ec5a1a30659b194e53a7 corporate/4.0/i586/tetex-devel-3.0-12.6.20060mlcs4.i586.rpm 7ae26e309360bdfdb9c5c503b0d4edf9 corporate/4.0/i586/tetex-doc-3.0-12.6.20060mlcs4.i586.rpm 302004f96913e500079054ecb03adda9 corporate/4.0/i586/tetex-dvilj-3.0-12.6.20060mlcs4.i586.rpm 00cd5bce374228d46b18d5b2210639f9 corporate/4.0/i586/tetex-dvipdfm-3.0-12.6.20060mlcs4.i586.rpm f216bf18966462b172832a6f8a27fd78 corporate/4.0/i586/tetex-dvips-3.0-12.6.20060mlcs4.i586.rpm f1b3b6fcb547e477570f1311fa7367a0 corporate/4.0/i586/tetex-latex-3.0-12.6.20060mlcs4.i586.rpm 86eb52c3286302e3343928a7bdeb9548 corporate/4.0/i586/tetex-mfwin-3.0-12.6.20060mlcs4.i586.rpm a769eab0038bac03e47a72b634f79e19 corporate/4.0/i586/tetex-texi2html-3.0-12.6.20060mlcs4.i586.rpm fd8530a3177047b3dd9ad9f5c1116020 corporate/4.0/i586/tetex-xdvi-3.0-12.6.20060mlcs4.i586.rpm 7d647f0f6d3db2a9a0f3b6be1fcb672c corporate/4.0/i586/xmltex-1.9-58.6.20060mlcs4.i586.rpm 8118fdc39814ac5d79b8763a5eaeee61 corporate/4.0/SRPMS/tetex-3.0-12.6.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 03656d00a3a0ab1847acb665ef68d947 corporate/4.0/x86_64/jadetex-3.12-110.6.20060mlcs4.x86_64.rpm df2818955a171b5e682b2e481ea456f0 corporate/4.0/x86_64/tetex-3.0-12.6.20060mlcs4.x86_64.rpm b33cd2edda19f78a7fc67d5fff165b0a corporate/4.0/x86_64/tetex-afm-3.0-12.6.20060mlcs4.x86_64.rpm 7d5818ed21c76ed6ea5db364fb4e9693 corporate/4.0/x86_64/tetex-context-3.0-12.6.20060mlcs4.x86_64.rpm 58f46f75a1d4df827911727ebacbc352 corporate/4.0/x86_64/tetex-devel-3.0-12.6.20060mlcs4.x86_64.rpm edc968cfaa147eb6c0a44d367945cdee corporate/4.0/x86_64/tetex-doc-3.0-12.6.20060mlcs4.x86_64.rpm cbb35ba57e6b7e4ff5e1f7746a556dba corporate/4.0/x86_64/tetex-dvilj-3.0-12.6.20060mlcs4.x86_64.rpm 64037dfd41b52942db831d5d1db263ae corporate/4.0/x86_64/tetex-dvipdfm-3.0-12.6.20060mlcs4.x86_64.rpm 521ac94898d0dd328a72b41a897cac77 corporate/4.0/x86_64/tetex-dvips-3.0-12.6.20060mlcs4.x86_64.rpm 7b08d2c8978a0d020d8bd29478e9300c corporate/4.0/x86_64/tetex-latex-3.0-12.6.20060mlcs4.x86_64.rpm 2c8045b7090444ae36576040d4106399 corporate/4.0/x86_64/tetex-mfwin-3.0-12.6.20060mlcs4.x86_64.rpm 3124bf387e243377003b3bf21d34b6b9 corporate/4.0/x86_64/tetex-texi2html-3.0-12.6.20060mlcs4.x86_64.rpm 88ea09f36b9281e64061a2ca25d10719 corporate/4.0/x86_64/tetex-xdvi-3.0-12.6.20060mlcs4.x86_64.rpm e34498cb80e93ccd2b592ff8a722b985 corporate/4.0/x86_64/xmltex-1.9-58.6.20060mlcs4.x86_64.rpm 8118fdc39814ac5d79b8763a5eaeee61 corporate/4.0/SRPMS/tetex-3.0-12.6.20060mlcs4.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGwgCrmqjQ0CJFipgRAvxaAKD0oN2+nbJYsb/02Pfv7e91rH+OwQCgoNcD E25vkVsg47bEpt/Rv8lWmms= =oC5G -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200707-0577",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "poppler",
"scope": "lt",
"trust": 1.0,
"vendor": "freedesktop",
"version": "0.5.91"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "6.06"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "6.10"
},
{
"model": "gpdf",
"scope": "lt",
"trust": 1.0,
"vendor": "gpdf",
"version": "2.8.2"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 1.0,
"vendor": "xpdfreader",
"version": "3.02"
},
{
"model": "cups",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "1.3.11"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "7.04"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.4.1"
},
{
"model": "linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "1.0"
},
{
"model": "koffice",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.6.1"
},
{
"model": "enterprise linux es ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "suse linux open-xchange",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "4.1"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.5.5"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "appliance server hosting edition",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "1.0"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.3"
},
{
"model": "fuji",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "3.01"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "1.00"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "4.3"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.13"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "2.0.1"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2.1"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "5.0"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.22"
},
{
"model": "koffice beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.3"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "pl2",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "3.0"
},
{
"model": "linux professional oss",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.12"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.0"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "8"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "2.0"
},
{
"model": "linux professional x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"model": "suse linux retail solution",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.0"
},
{
"model": "linux enterprise server for s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "9.1"
},
{
"model": "tetex",
"scope": "eq",
"trust": 0.3,
"vendor": "tetex",
"version": "2.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "7.3"
},
{
"model": "appliance server workgroup edition",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "1.0"
},
{
"model": "tetex",
"scope": "eq",
"trust": 0.3,
"vendor": "tetex",
"version": "2.0.2"
},
{
"model": "linux enterprise server 10.sp1",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "suse linux standard server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.0"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "7.3"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "hat fedora core7",
"scope": null,
"trust": 0.3,
"vendor": "red",
"version": null
},
{
"model": "linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10"
},
{
"model": "gpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "gnome",
"version": "2.8"
},
{
"model": "message networking mn",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"model": "broker ftp server",
"scope": "eq",
"trust": 0.3,
"vendor": "transsoft",
"version": "8.0"
},
{
"model": "suse linux school server for i386",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "multimedia",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "6.1"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.20"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3x86"
},
{
"model": "koffice beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.3"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "koffice",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.5.91"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.5"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.0"
},
{
"model": "poppler",
"scope": "eq",
"trust": 0.3,
"vendor": "poppler",
"version": "0.5.1"
},
{
"model": "koffice",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.4.1"
},
{
"model": "linux professional x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.2"
},
{
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "5.2"
},
{
"model": "linux ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.4"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "3.00"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.21"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "1.0"
},
{
"model": "kword",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.5.2"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1x86-64"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.4.3"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "2.03"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "5.3"
},
{
"model": "1pl1",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "3.0"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "1.01"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "linux foresight linux",
"scope": "eq",
"trust": 0.3,
"vendor": "foresight",
"version": "1.1"
},
{
"model": "cstetex",
"scope": "eq",
"trust": 0.3,
"vendor": "cstex",
"version": "2.0.2"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "messaging storage server",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "koffice",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.3.5"
},
{
"model": "gnustep",
"scope": "eq",
"trust": 0.3,
"vendor": "gnustep",
"version": "0"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.5.7"
},
{
"model": "0a",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "1.0"
},
{
"model": "kword",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.4.2"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "tetex",
"scope": "eq",
"trust": 0.3,
"vendor": "tetex",
"version": "1.0.6"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2.3"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"model": "fuji",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "0"
},
{
"model": "tetex",
"scope": "eq",
"trust": 0.3,
"vendor": "tetex",
"version": "1.0.7"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.5.4"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "7"
},
{
"model": "intuity lx",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "linux personal oss",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.1"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "linux openexchange server",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "gpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "gnome",
"version": "2.1"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.2"
},
{
"model": "tetex",
"scope": "eq",
"trust": 0.3,
"vendor": "tetex",
"version": "2.0.1"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.5.2"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.3.2"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0x86-64"
},
{
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10.2"
},
{
"model": "pdfedit",
"scope": "ne",
"trust": 0.3,
"vendor": "pdfedit",
"version": "0.3.2"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.5.3"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "2.02"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "4.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.4"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0.0x64"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.16"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.4.2"
},
{
"model": "koffice",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.4.2"
},
{
"model": "poppler",
"scope": "eq",
"trust": 0.3,
"vendor": "poppler",
"version": "0.4.1"
},
{
"model": "koffice",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.3.2"
},
{
"model": "poppler",
"scope": "eq",
"trust": 0.3,
"vendor": "poppler",
"version": "0.4.5"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.5.1"
},
{
"model": "and nitro187 guild ftpd rc5",
"scope": "eq",
"trust": 0.3,
"vendor": "drphibez",
"version": "1.1.19"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0x86"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "2.01"
},
{
"model": "linux professional x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10.2"
},
{
"model": "koffice",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.2.92"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.4-5"
},
{
"model": "koffice beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.3"
},
{
"model": "personal",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.4-2"
},
{
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"model": "linux enterprise sdk 10.sp1",
"scope": null,
"trust": 0.3,
"vendor": "suse",
"version": null
},
{
"model": "unitedlinux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "1.0"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "6.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "3.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"model": "hat enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "tetex",
"scope": "eq",
"trust": 0.3,
"vendor": "tetex",
"version": "3.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "6.3"
},
{
"model": "linux ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"model": "poppler",
"scope": "eq",
"trust": 0.3,
"vendor": "poppler",
"version": "0.3.2"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"model": "office server",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"model": "pdfedit",
"scope": "eq",
"trust": 0.3,
"vendor": "pdfedit",
"version": "0.3.1"
},
{
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "2.0"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"model": "koffice",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.2.1"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.18"
},
{
"model": "advanced linux environment",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "3.0"
},
{
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3x86-64"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.2"
},
{
"model": "gpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "gnome",
"version": "2.8.3"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "10.1"
},
{
"model": "messaging storage server mss",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "10.2"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.1"
},
{
"model": "poppler",
"scope": "eq",
"trust": 0.3,
"vendor": "poppler",
"version": "0.5.3"
},
{
"model": "poppler",
"scope": "eq",
"trust": 0.3,
"vendor": "poppler",
"version": "0.5.4"
},
{
"model": "koffice",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.3.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "7.1"
},
{
"model": "koffice",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.3"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.2.9"
},
{
"model": "f...",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10"
},
{
"model": "linux enterprise desktop sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "7.2"
},
{
"model": "enterprise linux ws ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.4"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.6"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.17"
},
{
"model": "koffice",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.3.3"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "1.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "4.4.1"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.2"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.0.4"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux enterprise server 9-sp3",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "linux ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"model": "koffice",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.5.2"
},
{
"model": "linux enterprise server for s/390",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.7"
},
{
"model": "software products cups rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.23"
},
{
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.19"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "enterprise linux optional productivity application server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.2"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.0"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.10"
},
{
"model": "gpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "gnome",
"version": "2.8.2"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.0"
},
{
"model": "ptex",
"scope": "eq",
"trust": 0.3,
"vendor": "ptex",
"version": "3.1.10"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "10.0"
},
{
"model": "kword",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.4.1"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "2.0"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "2.0.2"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.3.1"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.14"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"model": "libextractor",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.4.2"
},
{
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "2.1"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.2.10"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "11.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "4.2"
},
{
"model": "messaging storage server mm3.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1x86"
},
{
"model": "hat enterprise linux as ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "2.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"model": "software products cups rc5",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.19"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.1"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "4.4"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.4-3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "kword",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.5"
},
{
"model": "intuity lx",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "xpdf",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "2.0.3"
},
{
"model": "home",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0x86"
},
{
"model": "message networking",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "koffice",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.2"
},
{
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.2"
},
{
"model": "koffice",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.3.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "5.1"
},
{
"model": "software products cups rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.22"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.5.6"
},
{
"model": "koffice",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.6"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "linux professional x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.1"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0"
},
{
"model": "pl1",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "2.0.2"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0"
},
{
"model": "(patch",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "3.0.12)"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "6.2"
},
{
"model": "novell linux pos",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"model": "linux office server",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.1"
},
{
"model": "poppler",
"scope": "eq",
"trust": 0.3,
"vendor": "poppler",
"version": "0.4.2"
},
{
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.23"
},
{
"model": "kdegraphics",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.5.4"
},
{
"model": "linux enterprise sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"model": "koffice",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.4"
},
{
"model": "linux enterprise sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "7.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.2"
},
{
"model": "suse linux openexchange server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "4.0"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.0.4-8"
},
{
"model": "pl3",
"scope": "eq",
"trust": 0.3,
"vendor": "xpdf",
"version": "3.0"
},
{
"model": "linux professional x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.15"
},
{
"model": "koffice",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.5"
}
],
"sources": [
{
"db": "BID",
"id": "25124"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-553"
},
{
"db": "NVD",
"id": "CVE-2007-3387"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mandriva",
"sources": [
{
"db": "PACKETSTORM",
"id": "58629"
},
{
"db": "PACKETSTORM",
"id": "58549"
},
{
"db": "PACKETSTORM",
"id": "58628"
},
{
"db": "PACKETSTORM",
"id": "58547"
},
{
"db": "PACKETSTORM",
"id": "58551"
},
{
"db": "PACKETSTORM",
"id": "58636"
},
{
"db": "PACKETSTORM",
"id": "58548"
}
],
"trust": 0.7
},
"cve": "CVE-2007-3387",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2007-3387",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-26749",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-3387",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200707-553",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-26749",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26749"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-553"
},
{
"db": "NVD",
"id": "CVE-2007-3387"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. KDE kpdf, kword, and xpdf are prone to a stack-based buffer-overflow vulnerability because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nAn attacker can exploit this issue to execute arbitrary code within the context of the affected application or cause the affected application to crash, denying service to legitimate users. \n\nFor the oldstable distribution (sarge) this problem has been fixed in\nversion 0.4.2-2sarge6. \n\nThe stable distribution (etch) isn\u0027t affected by this problem. \n\nThe unstable distribution (sid) isn\u0027t affected by this problem. \n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given at the end of this advisory:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge6.dsc\n Size/MD5 checksum: 778 fbcbd62c772674dc96a26373e5aa6e01\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge6.diff.gz\n Size/MD5 checksum: 9063 bb026f68189fd93686e5fd94b6cda88e\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2.orig.tar.gz\n Size/MD5 checksum: 5887095 d99e1b13a017d39700e376a0edbf7ba2\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_alpha.deb\n Size/MD5 checksum: 19690 01b435b2688d03f3459c79526954925c\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_alpha.deb\n Size/MD5 checksum: 5810714 dd23f39e0b388296b1fc271739712ebe\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_alpha.deb\n Size/MD5 checksum: 19484 7f05a34e53fd43830028912e14d2328f\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_amd64.deb\n Size/MD5 checksum: 18346 b0630efe8af750547c51f18e2b37e56c\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_amd64.deb\n Size/MD5 checksum: 5641608 6cc4c3570ed2c3319944d2dadeb32df2\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_amd64.deb\n Size/MD5 checksum: 17618 b03292795065cdd0c9444343f216a058\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_arm.deb\n Size/MD5 checksum: 17726 b7d8e767fdec15d9f1dd42a4d287d093\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_arm.deb\n Size/MD5 checksum: 5710926 010de9d5ca245ecde20850f2077ec525\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_arm.deb\n Size/MD5 checksum: 17034 70da5564ca690372c8ff2f920e3145e7\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_i386.deb\n Size/MD5 checksum: 17870 34c81aebd99358f6a6668e6a6e766dcf\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_i386.deb\n Size/MD5 checksum: 5713546 59647b99f778803ae7dd04b8a3ef4f69\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_i386.deb\n Size/MD5 checksum: 16796 f6a61702be519be0de6ba5254a8d2bc1\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_ia64.deb\n Size/MD5 checksum: 20664 abbab8aca9823e749ce8f56ba180605a\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_ia64.deb\n Size/MD5 checksum: 5905678 6c4fae9ee6f98f8a2b04dfc8bb1e6c77\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_ia64.deb\n Size/MD5 checksum: 19402 7217989cd00aa203703636a12b73ef1c\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_m68k.deb\n Size/MD5 checksum: 17432 ad4ed814052b2b16a980916e8c26b4d5\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_m68k.deb\n Size/MD5 checksum: 5708490 4456e64e983995cdaada1b8003b87de9\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_m68k.deb\n Size/MD5 checksum: 16664 8d0a17ffea00ef3a8dd84ad1ef751382\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_mips.deb\n Size/MD5 checksum: 18672 ca896e1b783faaa7fd4f0b16bd5b679f\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_mips.deb\n Size/MD5 checksum: 5729468 b4369a7e90e9378aaf16c22e6ee8ba23\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_mips.deb\n Size/MD5 checksum: 17960 adf6c5dadd298f2cbfb129b329cbd396\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_mipsel.deb\n Size/MD5 checksum: 18720 24b4c8c7394ca7600b5d56ff6756ced0\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_mipsel.deb\n Size/MD5 checksum: 5727182 0d3c4b40711cd5ff424d9c3509abc959\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_mipsel.deb\n Size/MD5 checksum: 17990 2bfd506c4227ba2b51128ed229d05737\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_powerpc.deb\n Size/MD5 checksum: 19840 965842771a493480a596d23219240384\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_powerpc.deb\n Size/MD5 checksum: 5678172 d9b4e7d752db6ca53ce6adddd1c8963b\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_powerpc.deb\n Size/MD5 checksum: 17802 9d4275a87460db16bf31e112f8a7be72\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_s390.deb\n Size/MD5 checksum: 18220 218a8b4f648ee49543981dd7a418a86b\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_s390.deb\n Size/MD5 checksum: 5768298 367428e42de8d1af622d02d64f4fb027\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_s390.deb\n Size/MD5 checksum: 18166 98cb43003a7a95dbfd121cf615f73bc8\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_sparc.deb\n Size/MD5 checksum: 17728 f9220d2e7654b273448c0880374f59d4\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_sparc.deb\n Size/MD5 checksum: 5752498 5c5bcdf9c749506310e95137ae80550c\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_sparc.deb\n Size/MD5 checksum: 16938 b90780181aeb323dbcc4dfa11db7bcd0\n\n\n These files will probably be moved into the stable distribution on\n its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\niD8DBQFGti0iXm3vHE4uyloRAoudAJ9ZqS25gbz6VNY/oanVFFjCTMAm6QCgqNhx\nXHBRb5puYoKnbq+YL58W5Jc=\n=/7L0\n-----END PGP SIGNATURE-----\n\n. \n\nTITLE:\nGNOME gpdf Xpdf Multiple Integer Overflow Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA18375\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/18375/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nGNOME 2.x\nhttp://secunia.com/product/3277/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in GNOME gpdf, which can be\nexploited by malicious people to cause a DoS (Denial of Service) and\npotentially to compromise a user\u0027s system. \n\nThe vulnerabilities are caused due to the use of a vulnerable version\nof Xpdf. \n\nFor more information:\nSA18303\n\nSOLUTION:\nRestrict use to trusted PDF files only. \n\nOTHER REFERENCES:\nSA18303:\nhttp://secunia.com/advisories/18303/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ** REJECTED ** Do not use this application number. ConsultIDs: CVE-2007-3387. Reason: This application number is a duplicate of CVE-2007-3387. =========================================================== \nUbuntu Security Notice USN-496-2 August 07, 2007\npoppler vulnerability\nCVE-2007-3387\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 6.10\nUbuntu 7.04\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n libpoppler1 0.5.1-0ubuntu7.2\n\nUbuntu 6.10:\n libpoppler1 0.5.4-0ubuntu4.2\n\nUbuntu 7.04:\n libpoppler1 0.5.4-0ubuntu8.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nUSN-496-1 fixed a vulnerability in koffice. This update provides the\ncorresponding updates for poppler, the library used for PDF handling in\nGnome. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200709-17\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: teTeX: Multiple buffer overflows\n Date: September 27, 2007\n Bugs: #170861, #182055, #188172\n ID: 200709-17\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in teTeX, allowing for\nuser-assisted execution of arbitrary code. \n\nBackground\n==========\n\nteTeX is a complete TeX distribution for editing documents. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-text/tetex \u003c 3.0_p1-r4 \u003e= 3.0_p1-r4\n\nDescription\n===========\n\nMark Richters discovered a buffer overflow in the open_sty() function\nin file mkind.c. Other vulnerabilities have also been discovered in the\nsame file but might not be exploitable (CVE-2007-0650). Tetex also\nincludes vulnerable code from GD library (GLSA 200708-05), and from\nXpdf (CVE-2007-3387). In both cases, this could lead to the remote execution of\narbitrary code with the privileges of the user running the application. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll teTeX users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-text/tetex-3.0_p1-r4\"\n\nReferences\n==========\n\n [ 1 ] CVE-2007-0650\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0650\n [ 2 ] CVE-2007-3387\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387\n [ 3 ] GLSA-200708-05\n http://www.gentoo.org/security/en/glsa/glsa-200708-05.xml\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200709-17.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2007 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n \n Mandriva Linux Security Advisory MDKSA-2007:164\n http://www.mandriva.com/security/\n _______________________________________________________________________\n \n Package : tetex\n Date : August 14, 2007\n Affected: 2007.0, 2007.1, Corporate 4.0\n _______________________________________________________________________\n \n Problem Description:\n \n Maurycy Prodeus found an integer overflow vulnerability in the way\n various PDF viewers processed PDF files. \n \n In addition, tetex contains an embedded copy of the GD library which\n suffers from a number of bugs which potentially lead to denial of\n service and possibly other issues. (CVE-2007-3472)\n \n The gdImageCreateXbm function in the GD Graphics Library (libgd)\n before 2.0.35 allows user-assisted remote attackers to cause a denial\n of service (crash) via unspecified vectors involving a gdImageCreate\n failure. (CVE-2007-3473)\n \n Multiple unspecified vulnerabilities in the GIF reader in the\n GD Graphics Library (libgd) before 2.0.35 allow user-assisted\n remote attackers to have unspecified attack vectors and\n impact. (CVE-2007-3474)\n \n The GD Graphics Library (libgd) before 2.0.35 allows user-assisted\n remote attackers to cause a denial of service (crash) via a GIF image\n that has no global color map. (CVE-2007-3475)\n \n Array index error in gd_gif_in.c in the GD Graphics Library (libgd)\n before 2.0.35 allows user-assisted remote attackers to cause\n a denial of service (crash and heap corruption) via large color\n index values in crafted image data, which results in a segmentation\n fault. (CVE-2007-3476)\n \n The (a) imagearc and (b) imagefilledarc functions in GD Graphics\n Library (libgd) before 2.0.35 allows attackers to cause a denial\n of service (CPU consumption) via a large (1) start or (2) end angle\n degree value. (CVE-2007-3477)\n \n Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the\n GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote\n attackers to cause a denial of service (crash) via unspecified vectors,\n possibly involving truetype font (TTF) support. (CVE-2007-3478)\n \n Updated packages have been patched to prevent these issues. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3472\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3473\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3474\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3475\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3476\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3477\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3478\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.0:\n fb959e3f6f872b50954fa8da4fe3c419 2007.0/i586/jadetex-3.12-116.4mdv2007.0.i586.rpm\n 02e7b28c729ec9f57d5268daedee85e7 2007.0/i586/tetex-3.0-18.4mdv2007.0.i586.rpm\n 8b89557fbac6f6b37f78f2a2aee16569 2007.0/i586/tetex-afm-3.0-18.4mdv2007.0.i586.rpm\n f5169a380ec30b11a69b37c38e81555f 2007.0/i586/tetex-context-3.0-18.4mdv2007.0.i586.rpm\n f4dbfde981fd4658044222bc159ecd41 2007.0/i586/tetex-devel-3.0-18.4mdv2007.0.i586.rpm\n e0f85c8410194f78ba2aea95e4f9483b 2007.0/i586/tetex-doc-3.0-18.4mdv2007.0.i586.rpm\n 9753cb8ba53e41a19bdd46bd21d149e0 2007.0/i586/tetex-dvilj-3.0-18.4mdv2007.0.i586.rpm\n bf28b703c43dea8ddedd6b3dd31d6d4d 2007.0/i586/tetex-dvipdfm-3.0-18.4mdv2007.0.i586.rpm\n 456feadedb60e9b8f0fa653a4b8c242c 2007.0/i586/tetex-dvips-3.0-18.4mdv2007.0.i586.rpm\n 596d3a551105ed4ae7504069d97ea15b 2007.0/i586/tetex-latex-3.0-18.4mdv2007.0.i586.rpm\n 0fa6f2279adff2c0e49e021342684962 2007.0/i586/tetex-mfwin-3.0-18.4mdv2007.0.i586.rpm\n 4dfbc03ccff172c0031f3b66f49f2e67 2007.0/i586/tetex-texi2html-3.0-18.4mdv2007.0.i586.rpm\n 3fe94235dcf1d60559c5e22dcb661135 2007.0/i586/tetex-xdvi-3.0-18.4mdv2007.0.i586.rpm\n 50face08da8982afdcaa653c46d23893 2007.0/i586/xmltex-1.9-64.4mdv2007.0.i586.rpm \n 63549bc50b3b654e72be1947d1b3d79b 2007.0/SRPMS/tetex-3.0-18.4mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 3ba044a5b0cbd36b27fa8ebd60d51e8d 2007.0/x86_64/jadetex-3.12-116.4mdv2007.0.x86_64.rpm\n 94b050b17693804a81e68107b37aade8 2007.0/x86_64/tetex-3.0-18.4mdv2007.0.x86_64.rpm\n dca2d262c4345720681e776de7aaf3b5 2007.0/x86_64/tetex-afm-3.0-18.4mdv2007.0.x86_64.rpm\n 6387c4e3923b174732ea42e1c1961f31 2007.0/x86_64/tetex-context-3.0-18.4mdv2007.0.x86_64.rpm\n 9e31f83c40c6bf2bd0528fd8debc7da0 2007.0/x86_64/tetex-devel-3.0-18.4mdv2007.0.x86_64.rpm\n b61e81383f6becccb285e0e9e3c04fc8 2007.0/x86_64/tetex-doc-3.0-18.4mdv2007.0.x86_64.rpm\n ff32dc4e3ee6c9ce2e7160e0e2e8d000 2007.0/x86_64/tetex-dvilj-3.0-18.4mdv2007.0.x86_64.rpm\n d4bf450a8fc9da8d97cb03a5fd895e5d 2007.0/x86_64/tetex-dvipdfm-3.0-18.4mdv2007.0.x86_64.rpm\n 9bb0bb329efda5960b7c43cab4bb60a8 2007.0/x86_64/tetex-dvips-3.0-18.4mdv2007.0.x86_64.rpm\n a6e2b2af59a022db1ccc897d78fd3df1 2007.0/x86_64/tetex-latex-3.0-18.4mdv2007.0.x86_64.rpm\n 6fdee1957e97c37034bafd9546071553 2007.0/x86_64/tetex-mfwin-3.0-18.4mdv2007.0.x86_64.rpm\n a10d83249b768f676eabcbdc8d1def85 2007.0/x86_64/tetex-texi2html-3.0-18.4mdv2007.0.x86_64.rpm\n 71907f30dc7beb72245329e3df4f3d13 2007.0/x86_64/tetex-xdvi-3.0-18.4mdv2007.0.x86_64.rpm\n 824f5631d126e96851540ce059f378a6 2007.0/x86_64/xmltex-1.9-64.4mdv2007.0.x86_64.rpm \n 63549bc50b3b654e72be1947d1b3d79b 2007.0/SRPMS/tetex-3.0-18.4mdv2007.0.src.rpm\n\n Mandriva Linux 2007.1:\n 81f9fad03bffde4848b2684b0beaf1be 2007.1/i586/jadetex-3.12-129.3mdv2007.1.i586.rpm\n 240f0698cc266be75607780ca95f7df9 2007.1/i586/tetex-3.0-31.3mdv2007.1.i586.rpm\n adaa2d6fa7128e0c1ef125c5b2a27bd1 2007.1/i586/tetex-afm-3.0-31.3mdv2007.1.i586.rpm\n 143aa48143998f5ffd5877fb348c06c3 2007.1/i586/tetex-context-3.0-31.3mdv2007.1.i586.rpm\n 3a3b1e82a1fb3e2260eeac49bd038d44 2007.1/i586/tetex-devel-3.0-31.3mdv2007.1.i586.rpm\n 98781fd21fae15a9d190387bb7c894fa 2007.1/i586/tetex-doc-3.0-31.3mdv2007.1.i586.rpm\n 162cc4138d291f34e17589dcbaf47e02 2007.1/i586/tetex-dvilj-3.0-31.3mdv2007.1.i586.rpm\n c290665965a32365750302b66998cf9c 2007.1/i586/tetex-dvipdfm-3.0-31.3mdv2007.1.i586.rpm\n 521a43054786848837cadf65d7373adb 2007.1/i586/tetex-dvips-3.0-31.3mdv2007.1.i586.rpm\n db59616b644d2d040bf20bba50b98a52 2007.1/i586/tetex-latex-3.0-31.3mdv2007.1.i586.rpm\n 42b078d4e8b5ecfa43cecd105cfd9973 2007.1/i586/tetex-mfwin-3.0-31.3mdv2007.1.i586.rpm\n d80a680507279c769af4eac68342779e 2007.1/i586/tetex-texi2html-3.0-31.3mdv2007.1.i586.rpm\n 6ad4a6a5df7c31302c0d8f0294b441fe 2007.1/i586/tetex-usrlocal-3.0-31.3mdv2007.1.i586.rpm\n a636c345e691cfcad8bb057aa724ca32 2007.1/i586/tetex-xdvi-3.0-31.3mdv2007.1.i586.rpm\n 81cb470114d43d4ba480c7ef38ad8f9b 2007.1/i586/xmltex-1.9-77.3mdv2007.1.i586.rpm \n 1fe7e7ec1366f1c03208b9acf2c6e4dc 2007.1/SRPMS/tetex-3.0-31.3mdv2007.1.src.rpm\n\n Mandriva Linux 2007.1/X86_64:\n 931bdcfab39b511372c0fe1667cdec9b 2007.1/x86_64/jadetex-3.12-129.3mdv2007.1.x86_64.rpm\n be2917b026909b9fe2d6f54425f0ae01 2007.1/x86_64/tetex-3.0-31.3mdv2007.1.x86_64.rpm\n 3927b9a088b3dbbb035ab504724224fa 2007.1/x86_64/tetex-afm-3.0-31.3mdv2007.1.x86_64.rpm\n 5e0dc9457f6e864bfd097e52540ca691 2007.1/x86_64/tetex-context-3.0-31.3mdv2007.1.x86_64.rpm\n c360e8b3bb98ee7f7467028038e97e1a 2007.1/x86_64/tetex-devel-3.0-31.3mdv2007.1.x86_64.rpm\n d48d985a35aa93c17c45349c28c0b243 2007.1/x86_64/tetex-doc-3.0-31.3mdv2007.1.x86_64.rpm\n eb67ec1e91e422ecfa36f1cbbac8971a 2007.1/x86_64/tetex-dvilj-3.0-31.3mdv2007.1.x86_64.rpm\n 851858c723458b732e522a3c0e61369c 2007.1/x86_64/tetex-dvipdfm-3.0-31.3mdv2007.1.x86_64.rpm\n a0eda317da29934a5633f42b177a530f 2007.1/x86_64/tetex-dvips-3.0-31.3mdv2007.1.x86_64.rpm\n 753c701f03329627fb9e39753981e843 2007.1/x86_64/tetex-latex-3.0-31.3mdv2007.1.x86_64.rpm\n d994a4854aba90786bbd9a4ec3c12019 2007.1/x86_64/tetex-mfwin-3.0-31.3mdv2007.1.x86_64.rpm\n e655586388e11bf71063402efc3a7753 2007.1/x86_64/tetex-texi2html-3.0-31.3mdv2007.1.x86_64.rpm\n 9d5f65b626bd71949a07e6c7431817e0 2007.1/x86_64/tetex-usrlocal-3.0-31.3mdv2007.1.x86_64.rpm\n 55315fd53192e1d99eee611c658d803e 2007.1/x86_64/tetex-xdvi-3.0-31.3mdv2007.1.x86_64.rpm\n 64af62bd89fcac2a4ffad45a8eae77d6 2007.1/x86_64/xmltex-1.9-77.3mdv2007.1.x86_64.rpm \n 1fe7e7ec1366f1c03208b9acf2c6e4dc 2007.1/SRPMS/tetex-3.0-31.3mdv2007.1.src.rpm\n\n Corporate 4.0:\n ded203c11a86b123fb65dccf7ebefe7b corporate/4.0/i586/jadetex-3.12-110.6.20060mlcs4.i586.rpm\n 02ca90145d6b09cdd92bc9906a9dfa41 corporate/4.0/i586/tetex-3.0-12.6.20060mlcs4.i586.rpm\n 9af4a0c59bf34cb69ec03feeecc10b51 corporate/4.0/i586/tetex-afm-3.0-12.6.20060mlcs4.i586.rpm\n c4a7cdb06beb70e2652fee997cd5acd1 corporate/4.0/i586/tetex-context-3.0-12.6.20060mlcs4.i586.rpm\n 4d4e89d588e0ec5a1a30659b194e53a7 corporate/4.0/i586/tetex-devel-3.0-12.6.20060mlcs4.i586.rpm\n 7ae26e309360bdfdb9c5c503b0d4edf9 corporate/4.0/i586/tetex-doc-3.0-12.6.20060mlcs4.i586.rpm\n 302004f96913e500079054ecb03adda9 corporate/4.0/i586/tetex-dvilj-3.0-12.6.20060mlcs4.i586.rpm\n 00cd5bce374228d46b18d5b2210639f9 corporate/4.0/i586/tetex-dvipdfm-3.0-12.6.20060mlcs4.i586.rpm\n f216bf18966462b172832a6f8a27fd78 corporate/4.0/i586/tetex-dvips-3.0-12.6.20060mlcs4.i586.rpm\n f1b3b6fcb547e477570f1311fa7367a0 corporate/4.0/i586/tetex-latex-3.0-12.6.20060mlcs4.i586.rpm\n 86eb52c3286302e3343928a7bdeb9548 corporate/4.0/i586/tetex-mfwin-3.0-12.6.20060mlcs4.i586.rpm\n a769eab0038bac03e47a72b634f79e19 corporate/4.0/i586/tetex-texi2html-3.0-12.6.20060mlcs4.i586.rpm\n fd8530a3177047b3dd9ad9f5c1116020 corporate/4.0/i586/tetex-xdvi-3.0-12.6.20060mlcs4.i586.rpm\n 7d647f0f6d3db2a9a0f3b6be1fcb672c corporate/4.0/i586/xmltex-1.9-58.6.20060mlcs4.i586.rpm \n 8118fdc39814ac5d79b8763a5eaeee61 corporate/4.0/SRPMS/tetex-3.0-12.6.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 03656d00a3a0ab1847acb665ef68d947 corporate/4.0/x86_64/jadetex-3.12-110.6.20060mlcs4.x86_64.rpm\n df2818955a171b5e682b2e481ea456f0 corporate/4.0/x86_64/tetex-3.0-12.6.20060mlcs4.x86_64.rpm\n b33cd2edda19f78a7fc67d5fff165b0a corporate/4.0/x86_64/tetex-afm-3.0-12.6.20060mlcs4.x86_64.rpm\n 7d5818ed21c76ed6ea5db364fb4e9693 corporate/4.0/x86_64/tetex-context-3.0-12.6.20060mlcs4.x86_64.rpm\n 58f46f75a1d4df827911727ebacbc352 corporate/4.0/x86_64/tetex-devel-3.0-12.6.20060mlcs4.x86_64.rpm\n edc968cfaa147eb6c0a44d367945cdee corporate/4.0/x86_64/tetex-doc-3.0-12.6.20060mlcs4.x86_64.rpm\n cbb35ba57e6b7e4ff5e1f7746a556dba corporate/4.0/x86_64/tetex-dvilj-3.0-12.6.20060mlcs4.x86_64.rpm\n 64037dfd41b52942db831d5d1db263ae corporate/4.0/x86_64/tetex-dvipdfm-3.0-12.6.20060mlcs4.x86_64.rpm\n 521ac94898d0dd328a72b41a897cac77 corporate/4.0/x86_64/tetex-dvips-3.0-12.6.20060mlcs4.x86_64.rpm\n 7b08d2c8978a0d020d8bd29478e9300c corporate/4.0/x86_64/tetex-latex-3.0-12.6.20060mlcs4.x86_64.rpm\n 2c8045b7090444ae36576040d4106399 corporate/4.0/x86_64/tetex-mfwin-3.0-12.6.20060mlcs4.x86_64.rpm\n 3124bf387e243377003b3bf21d34b6b9 corporate/4.0/x86_64/tetex-texi2html-3.0-12.6.20060mlcs4.x86_64.rpm\n 88ea09f36b9281e64061a2ca25d10719 corporate/4.0/x86_64/tetex-xdvi-3.0-12.6.20060mlcs4.x86_64.rpm\n e34498cb80e93ccd2b592ff8a722b985 corporate/4.0/x86_64/xmltex-1.9-58.6.20060mlcs4.x86_64.rpm \n 8118fdc39814ac5d79b8763a5eaeee61 corporate/4.0/SRPMS/tetex-3.0-12.6.20060mlcs4.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFGwgCrmqjQ0CJFipgRAvxaAKD0oN2+nbJYsb/02Pfv7e91rH+OwQCgoNcD\nE25vkVsg47bEpt/Rv8lWmms=\n=oC5G\n-----END PGP SIGNATURE-----\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3387"
},
{
"db": "BID",
"id": "25124"
},
{
"db": "PACKETSTORM",
"id": "58548"
},
{
"db": "PACKETSTORM",
"id": "58345"
},
{
"db": "PACKETSTORM",
"id": "58636"
},
{
"db": "PACKETSTORM",
"id": "58327"
},
{
"db": "PACKETSTORM",
"id": "58551"
},
{
"db": "PACKETSTORM",
"id": "42994"
},
{
"db": "PACKETSTORM",
"id": "58361"
},
{
"db": "VULHUB",
"id": "VHN-26749"
},
{
"db": "PACKETSTORM",
"id": "58337"
},
{
"db": "PACKETSTORM",
"id": "58628"
},
{
"db": "PACKETSTORM",
"id": "58364"
},
{
"db": "PACKETSTORM",
"id": "58549"
},
{
"db": "PACKETSTORM",
"id": "59656"
},
{
"db": "PACKETSTORM",
"id": "58520"
},
{
"db": "PACKETSTORM",
"id": "58629"
},
{
"db": "PACKETSTORM",
"id": "58547"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-26749",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26749"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-3387",
"trust": 3.4
},
{
"db": "BID",
"id": "25124",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "26255",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26403",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26343",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26251",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26395",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26293",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26432",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26254",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26468",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "27308",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26425",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26281",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26627",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26470",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26607",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26467",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "30168",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26283",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "27156",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26188",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26410",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26318",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26982",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26278",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26413",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26342",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26297",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26407",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26405",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26365",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26325",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26292",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26307",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26436",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26514",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "27637",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26862",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26257",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26370",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "27281",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26358",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1018473",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-2705",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-2704",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "40127",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200707-553",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "58327",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "58361",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "58337",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "58636",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "58364",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "58628",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "58547",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "58345",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "58551",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "58629",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "58549",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "58520",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "58548",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "58521",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "58338",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "60213",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "59962",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "58578",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "58350",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "59463",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "58700",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-26749",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "59656",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "18375",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "42994",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26749"
},
{
"db": "BID",
"id": "25124"
},
{
"db": "PACKETSTORM",
"id": "58629"
},
{
"db": "PACKETSTORM",
"id": "58520"
},
{
"db": "PACKETSTORM",
"id": "59656"
},
{
"db": "PACKETSTORM",
"id": "58549"
},
{
"db": "PACKETSTORM",
"id": "58364"
},
{
"db": "PACKETSTORM",
"id": "58628"
},
{
"db": "PACKETSTORM",
"id": "58337"
},
{
"db": "PACKETSTORM",
"id": "58547"
},
{
"db": "PACKETSTORM",
"id": "58361"
},
{
"db": "PACKETSTORM",
"id": "42994"
},
{
"db": "PACKETSTORM",
"id": "58551"
},
{
"db": "PACKETSTORM",
"id": "58327"
},
{
"db": "PACKETSTORM",
"id": "58636"
},
{
"db": "PACKETSTORM",
"id": "58345"
},
{
"db": "PACKETSTORM",
"id": "58548"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-553"
},
{
"db": "NVD",
"id": "CVE-2007-3387"
}
]
},
"id": "VAR-200707-0577",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-26749"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T21:26:02.978000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Poppler Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=137917"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-553"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.1
},
{
"problemtype": "CWE-189",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26749"
},
{
"db": "NVD",
"id": "CVE-2007-3387"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html"
},
{
"trust": 2.0,
"url": "http://sourceforge.net/project/shownotes.php?release_id=535497"
},
{
"trust": 2.0,
"url": "http://support.avaya.com/elmodocs2/security/asa-2007-401.htm"
},
{
"trust": 2.0,
"url": "http://www.kde.org/info/security/advisory-20070730-1.txt"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-200709-17.xml"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1018473"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/476508/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/476519/30/5400/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/476765/30/5340/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/25124"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26188"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26251"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26254"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26255"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26257"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26278"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26281"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26283"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26292"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26293"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26297"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26307"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26318"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26325"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26342"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26343"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26358"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26365"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26370"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26395"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26403"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26405"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26407"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26410"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26413"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26425"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26432"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26436"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26467"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26468"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26470"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26514"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26607"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26627"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26862"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26982"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27156"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27281"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27308"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27637"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/30168"
},
{
"trust": 1.7,
"url": "http://osvdb.org/40127"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/2704"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/2705"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2007/dsa-1347"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2007/dsa-1348"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2007/dsa-1349"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2007/dsa-1350"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2007/dsa-1352"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2007/dsa-1354"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2007/dsa-1355"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2007/dsa-1357"
},
{
"trust": 1.7,
"url": "http://security.gentoo.org/glsa/glsa-200709-12.xml"
},
{
"trust": 1.7,
"url": "http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml"
},
{
"trust": 1.7,
"url": "http://security.gentoo.org/glsa/glsa-200710-20.xml"
},
{
"trust": 1.7,
"url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
},
{
"trust": 1.7,
"url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:158"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:159"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:160"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:161"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:162"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:163"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:164"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:165"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0720.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0729.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0730.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0731.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0732.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0735.html"
},
{
"trust": 1.7,
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-496-1"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-496-2"
},
{
"trust": 1.7,
"url": "http://bugs.gentoo.org/show_bug.cgi?id=187139"
},
{
"trust": 1.7,
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194"
},
{
"trust": 1.7,
"url": "https://issues.foresightlinux.org/browse/fl-471"
},
{
"trust": 1.7,
"url": "https://issues.rpath.com/browse/rpl-1596"
},
{
"trust": 1.7,
"url": "https://issues.rpath.com/browse/rpl-1604"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11149"
},
{
"trust": 1.6,
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.423670"
},
{
"trust": 1.6,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.761882"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3387"
},
{
"trust": 1.1,
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070801-01-p.asc"
},
{
"trust": 1.1,
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3387"
},
{
"trust": 0.7,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.7,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2007:0735"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=248194"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2007:0731"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2007:0730"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2007:0732"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2007:0729"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2007:0720"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2007-3387"
},
{
"trust": 0.4,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.4,
"url": "http://packages.debian.org/\u003cpkg\u003e"
},
{
"trust": 0.4,
"url": "http://security.debian.org/"
},
{
"trust": 0.4,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.3,
"url": "http://www.koffice.org/"
},
{
"trust": 0.3,
"url": "http://kpdf.kde.org/"
},
{
"trust": 0.3,
"url": "http://www.foolabs.com/xpdf/"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2007-0720.html"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2007-0729.html"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2007-0730.html"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2007-0731.html"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2007-0732.html"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2007-0735.html"
},
{
"trust": 0.1,
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026amp;y=2007\u0026amp;m=slackware-security.423670"
},
{
"trust": 0.1,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2007\u0026amp;m=slackware-security.761882"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3477"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3473"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3476"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3478"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3472"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3477"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3474"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3473"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3475"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3478"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3475"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3472"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3476"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3474"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_m68k.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_hppa.deb"
},
{
"trust": 0.1,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0650"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0650"
},
{
"trust": 0.1,
"url": "http://www.gentoo.org/security/en/glsa/glsa-200708-05.xml"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt4_0.5.4-0ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.4-0ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.4-0ubuntu8.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.4-0ubuntu8.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.4-0ubuntu8.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.4-0ubuntu8.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.4-0ubuntu8.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.4-0ubuntu8.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.4-0ubuntu8.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt4_0.5.4-0ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt4_0.5.4-0ubuntu8.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.1-0ubuntu7.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.4-0ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.4-0ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.4-0ubuntu8.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.4-0ubuntu8.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.5.4-0ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.4-0ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.4-0ubuntu8.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.4-0ubuntu8.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.4-0ubuntu8.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.4-0ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.4-0ubuntu8.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt4_0.5.4-0ubuntu8.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.4-0ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.4-0ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt4_0.5.4-0ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.5.4-0ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.4-0ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.4-0ubuntu8.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.4-0ubuntu8.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.5.4-0ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.4-0ubuntu8.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.4-0ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.4-0ubuntu8.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.5.4-0ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.5.4-0ubuntu8.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.4-0ubuntu8.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.5.4-0ubuntu8.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.4-0ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.4-0ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.4-0ubuntu8.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.4-0ubuntu8.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.4-0ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.4-0ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.4-0ubuntu8.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt4_0.5.4-0ubuntu8.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.4-0ubuntu4.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.4-0ubuntu8.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.5.4-0ubuntu8.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt4_0.5.4-0ubuntu8.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.4-0ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.4-0ubuntu4.2.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.4-0ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.4-0ubuntu8.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.4-0ubuntu8.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.4-0ubuntu8.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.4-0ubuntu8.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.4-0ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.4-0ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.4-0ubuntu8.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.1-0ubuntu7.2.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.4-0ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt4_0.5.4-0ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.4-0ubuntu8.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.4-0ubuntu8.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.1.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.4-0ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.4-0ubuntu8.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.4-0ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.4-0ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.4-0ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.4-0ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.4.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.4-0ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.4-0ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.4-0ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.4-0ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.4-0ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.5.4-0ubuntu8.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.7_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9etch1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.7.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.00-13.7_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9etch1.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_m68k.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.7.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_m68k.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.01-9etch1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9etch1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4_m68k.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/18375/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/18303/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3277/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter_1.5.0-0ubuntu9.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio_1.5.0-0ubuntu9.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kchart_1.6.2-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kspread_1.5.0-0ubuntu9.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-doc-html_1.5.2-0ubuntu2.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.5.2-0ubuntu2.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-doc_1.5.0-0ubuntu9.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter-data_1.6.2-0ubuntu1.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita_1.6.2-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kexi_1.6.2-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kthesaurus_1.6.2-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kchart_1.5.0-0ubuntu9.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dbg_1.5.0-0ubuntu9.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kspread_1.5.2-0ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koshell_1.5.2-0ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dev_1.5.0-0ubuntu9.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kexi_1.5.0-0ubuntu9.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dbg_1.5.0-0ubuntu9.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dev_1.6.2-0ubuntu1.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kchart_1.5.2-0ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword_1.6.2-0ubuntu1.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita_1.5.2-0ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kchart_1.6.2-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword_1.5.2-0ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.5.0-0ubuntu9.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kugar_1.5.2-0ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kugar_1.5.0-0ubuntu9.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dev_1.5.2-0ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kthesaurus_1.6.2-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dev_1.5.2-0ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/karbon_1.6.2-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kthesaurus_1.6.2-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kthesaurus_1.6.2-0ubuntu1.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-libs_1.6.2-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.5.0-0ubuntu9.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword_1.5.0-0ubuntu9.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kexi_1.5.2-0ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-doc-html_1.5.0-0ubuntu9.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter-data_1.5.2-0ubuntu2.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kexi_1.5.0-0ubuntu9.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio_1.5.2-0ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kplato_1.5.2-0ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kugar_1.5.0-0ubuntu9.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koshell_1.5.0-0ubuntu9.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kplato_1.6.2-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio-data_1.5.0-0ubuntu9.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/karbon_1.5.2-0ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita-data_1.5.0-0ubuntu9.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kformula_1.5.0-0ubuntu9.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kugar_1.5.2-0ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter_1.6.2-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-libs_1.5.0-0ubuntu9.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio_1.5.2-0ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kformula_1.5.2-0ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koshell_1.6.2-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita_1.5.2-0ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koshell_1.5.2-0ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio_1.6.2-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.6.2-0ubuntu1.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio_1.5.0-0ubuntu9.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kexi_1.5.2-0ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dbg_1.5.2-0ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/karbon_1.6.2-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/karbon_1.5.2-0ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-libs_1.5.0-0ubuntu9.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword_1.6.2-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-libs_1.6.2-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/karbon_1.5.0-0ubuntu9.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.5.2-0ubuntu2.2.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dev_1.6.2-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-libs_1.6.2-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kchart_1.6.2-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kformula_1.5.2-0ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.6.2.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter_1.5.0-0ubuntu9.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kthesaurus_1.5.0-0ubuntu9.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita_1.6.2-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dbg_1.5.0-0ubuntu9.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword_1.5.2-0ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kformula_1.6.2-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dev_1.6.2-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kexi_1.6.2-0ubuntu1.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kspread_1.6.2-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kformula_1.6.2-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kchart_1.5.2-0ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter_1.5.2-0ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kspread_1.6.2-0ubuntu1.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-libs_1.5.2-0ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio_1.5.2-0ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/karbon_1.5.2-0ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/karbon_1.5.0-0ubuntu9.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kplato_1.5.2-0ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kplato_1.5.0-0ubuntu9.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.5.2.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter_1.5.0-0ubuntu9.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dbg_1.5.0-0ubuntu9.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kformula_1.5.2-0ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-libs_1.5.2-0ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kugar_1.6.2-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dbg_1.6.2-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.5.2-0ubuntu2.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kthesaurus_1.5.0-0ubuntu9.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koshell_1.5.0-0ubuntu9.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kexi_1.5.2-0ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kexi_1.5.2-0ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter_1.6.2-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dev_1.5.2-0ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword-data_1.5.0-0ubuntu9.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kformula_1.6.2-0ubuntu1.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter-data_1.5.0-0ubuntu9.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter_1.5.2-0ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koshell_1.5.2-0ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword_1.6.2-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dev_1.5.0-0ubuntu9.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koshell_1.5.0-0ubuntu9.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kugar_1.5.0-0ubuntu9.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kplato_1.5.2-0ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kplato_1.6.2-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio_1.6.2-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kspread_1.5.0-0ubuntu9.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio_1.5.0-0ubuntu9.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kexi_1.5.0-0ubuntu9.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kformula_1.5.0-0ubuntu9.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/karbon_1.6.2-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kformula_1.5.0-0ubuntu9.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dbg_1.6.2-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita-data_1.5.2-0ubuntu2.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-data_1.6.2-0ubuntu1.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.5.0.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-data_1.5.0-0ubuntu9.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter_1.5.2-0ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kthesaurus_1.5.2-0ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-libs_1.5.0-0ubuntu9.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dev_1.5.2-0ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dev_1.6.2-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koshell_1.5.0-0ubuntu9.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/karbon_1.5.0-0ubuntu9.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword-data_1.6.2-0ubuntu1.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dbg_1.6.2-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kugar_1.5.2-0ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kplato_1.6.2-0ubuntu1.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kplato_1.5.0-0ubuntu9.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio-data_1.6.2-0ubuntu1.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword_1.5.0-0ubuntu9.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword_1.5.2-0ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dev_1.5.0-0ubuntu9.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword-data_1.5.2-0ubuntu2.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kspread_1.5.0-0ubuntu9.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita_1.5.0-0ubuntu9.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kchart_1.5.0-0ubuntu9.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter_1.5.0-0ubuntu9.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.6.2-0ubuntu1.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita_1.6.2-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.5.0-0ubuntu9.2.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kplato_1.5.2-0ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita_1.5.0-0ubuntu9.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dbg_1.6.2-0ubuntu1.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita-data_1.6.2-0ubuntu1.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kexi_1.6.2-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koshell_1.6.2-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter_1.6.2-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio_1.6.2-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-data_1.5.2-0ubuntu2.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-libs_1.5.0-0ubuntu9.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-libs_1.5.2-0ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kplato_1.6.2-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kchart_1.5.2-0ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-doc_1.6.2-0ubuntu1.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita_1.5.0-0ubuntu9.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kthesaurus_1.5.2-0ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kspread_1.5.2-0ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kchart_1.6.2-0ubuntu1.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kformula_1.6.2-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kplato_1.5.0-0ubuntu9.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita_1.6.2-0ubuntu1.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dev_1.5.0-0ubuntu9.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kthesaurus_1.5.0-0ubuntu9.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kthesaurus_1.5.2-0ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kchart_1.5.0-0ubuntu9.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/karbon_1.5.0-0ubuntu9.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koshell_1.6.2-0ubuntu1.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio-data_1.5.2-0ubuntu2.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter_1.6.2-0ubuntu1.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kplato_1.5.0-0ubuntu9.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dbg_1.5.2-0ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dbg_1.5.2-0ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-doc_1.5.2-0ubuntu2.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kchart_1.5.2-0ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword_1.5.0-0ubuntu9.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio_1.6.2-0ubuntu1.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita_1.5.2-0ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dbg_1.5.2-0ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kthesaurus_1.5.0-0ubuntu9.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kchart_1.5.0-0ubuntu9.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kugar_1.5.2-0ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-libs_1.6.2-0ubuntu1.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kspread_1.5.0-0ubuntu9.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kexi_1.6.2-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koshell_1.6.2-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/karbon_1.6.2-0ubuntu1.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword_1.6.2-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio_1.5.2-0ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kugar_1.5.0-0ubuntu9.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita_1.5.0-0ubuntu9.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio_1.5.0-0ubuntu9.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koshell_1.5.2-0ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kspread_1.6.2-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kthesaurus_1.5.2-0ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kspread_1.5.2-0ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kformula_1.5.2-0ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter_1.5.2-0ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita_1.5.2-0ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kugar_1.6.2-0ubuntu1.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-libs_1.5.2-0ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kugar_1.6.2-0ubuntu1.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/karbon_1.5.2-0ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kspread_1.5.2-0ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kspread_1.6.2-0ubuntu1.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kexi_1.5.0-0ubuntu9.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kformula_1.5.0-0ubuntu9.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kugar_1.6.2-0ubuntu1.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword_1.5.2-0ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-doc-html_1.6.2-0ubuntu1.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword_1.5.0-0ubuntu9.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.6.2-0ubuntu1.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_m68k.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge6.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge6.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_m68k.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_m68k.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_ia64.deb"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26749"
},
{
"db": "BID",
"id": "25124"
},
{
"db": "PACKETSTORM",
"id": "58629"
},
{
"db": "PACKETSTORM",
"id": "58520"
},
{
"db": "PACKETSTORM",
"id": "59656"
},
{
"db": "PACKETSTORM",
"id": "58549"
},
{
"db": "PACKETSTORM",
"id": "58364"
},
{
"db": "PACKETSTORM",
"id": "58628"
},
{
"db": "PACKETSTORM",
"id": "58337"
},
{
"db": "PACKETSTORM",
"id": "58547"
},
{
"db": "PACKETSTORM",
"id": "58361"
},
{
"db": "PACKETSTORM",
"id": "42994"
},
{
"db": "PACKETSTORM",
"id": "58551"
},
{
"db": "PACKETSTORM",
"id": "58327"
},
{
"db": "PACKETSTORM",
"id": "58636"
},
{
"db": "PACKETSTORM",
"id": "58345"
},
{
"db": "PACKETSTORM",
"id": "58548"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-553"
},
{
"db": "NVD",
"id": "CVE-2007-3387"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-26749"
},
{
"db": "BID",
"id": "25124"
},
{
"db": "PACKETSTORM",
"id": "58629"
},
{
"db": "PACKETSTORM",
"id": "58520"
},
{
"db": "PACKETSTORM",
"id": "59656"
},
{
"db": "PACKETSTORM",
"id": "58549"
},
{
"db": "PACKETSTORM",
"id": "58364"
},
{
"db": "PACKETSTORM",
"id": "58628"
},
{
"db": "PACKETSTORM",
"id": "58337"
},
{
"db": "PACKETSTORM",
"id": "58547"
},
{
"db": "PACKETSTORM",
"id": "58361"
},
{
"db": "PACKETSTORM",
"id": "42994"
},
{
"db": "PACKETSTORM",
"id": "58551"
},
{
"db": "PACKETSTORM",
"id": "58327"
},
{
"db": "PACKETSTORM",
"id": "58636"
},
{
"db": "PACKETSTORM",
"id": "58345"
},
{
"db": "PACKETSTORM",
"id": "58548"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-553"
},
{
"db": "NVD",
"id": "CVE-2007-3387"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-30T00:00:00",
"db": "VULHUB",
"id": "VHN-26749"
},
{
"date": "2007-07-30T00:00:00",
"db": "BID",
"id": "25124"
},
{
"date": "2007-08-16T08:36:55",
"db": "PACKETSTORM",
"id": "58629"
},
{
"date": "2007-08-14T03:56:53",
"db": "PACKETSTORM",
"id": "58520"
},
{
"date": "2007-09-28T01:34:55",
"db": "PACKETSTORM",
"id": "59656"
},
{
"date": "2007-08-14T17:43:50",
"db": "PACKETSTORM",
"id": "58549"
},
{
"date": "2007-08-08T08:07:51",
"db": "PACKETSTORM",
"id": "58364"
},
{
"date": "2007-08-16T08:34:59",
"db": "PACKETSTORM",
"id": "58628"
},
{
"date": "2007-08-08T07:05:20",
"db": "PACKETSTORM",
"id": "58337"
},
{
"date": "2007-08-14T17:42:47",
"db": "PACKETSTORM",
"id": "58547"
},
{
"date": "2007-08-08T08:03:21",
"db": "PACKETSTORM",
"id": "58361"
},
{
"date": "2006-01-12T00:49:01",
"db": "PACKETSTORM",
"id": "42994"
},
{
"date": "2007-08-14T17:46:34",
"db": "PACKETSTORM",
"id": "58551"
},
{
"date": "2007-08-08T06:39:30",
"db": "PACKETSTORM",
"id": "58327"
},
{
"date": "2007-08-16T08:47:55",
"db": "PACKETSTORM",
"id": "58636"
},
{
"date": "2007-08-08T07:17:12",
"db": "PACKETSTORM",
"id": "58345"
},
{
"date": "2007-08-14T17:43:20",
"db": "PACKETSTORM",
"id": "58548"
},
{
"date": "2007-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-553"
},
{
"date": "2007-07-30T23:17:00",
"db": "NVD",
"id": "CVE-2007-3387"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-26749"
},
{
"date": "2008-05-13T01:25:00",
"db": "BID",
"id": "25124"
},
{
"date": "2023-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-553"
},
{
"date": "2024-11-21T00:33:06.880000",
"db": "NVD",
"id": "CVE-2007-3387"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-553"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Freedesktop Poppler Input validation error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-553"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow, arbitrary",
"sources": [
{
"db": "PACKETSTORM",
"id": "58629"
},
{
"db": "PACKETSTORM",
"id": "58520"
},
{
"db": "PACKETSTORM",
"id": "58549"
},
{
"db": "PACKETSTORM",
"id": "58364"
},
{
"db": "PACKETSTORM",
"id": "58628"
},
{
"db": "PACKETSTORM",
"id": "58337"
},
{
"db": "PACKETSTORM",
"id": "58547"
},
{
"db": "PACKETSTORM",
"id": "58361"
},
{
"db": "PACKETSTORM",
"id": "58551"
},
{
"db": "PACKETSTORM",
"id": "58327"
},
{
"db": "PACKETSTORM",
"id": "58636"
},
{
"db": "PACKETSTORM",
"id": "58345"
},
{
"db": "PACKETSTORM",
"id": "58548"
}
],
"trust": 1.3
}
}