Filtered by vendor Freedesktop
Subscriptions
Total
135 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-2090 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-08-05 | 9.8 Critical |
Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. | ||||
CVE-2017-1000456 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-08-05 | N/A |
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. | ||||
CVE-2017-18266 | 3 Canonical, Debian, Freedesktop | 3 Ubuntu Linux, Debian Linux, Xdg-utils | 2024-08-05 | N/A |
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable. | ||||
CVE-2017-18267 | 4 Canonical, Debian, Freedesktop and 1 more | 8 Ubuntu Linux, Debian Linux, Poppler and 5 more | 2024-08-05 | N/A |
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. | ||||
CVE-2017-15565 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-08-05 | N/A |
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. | ||||
CVE-2017-15131 | 2 Freedesktop, Redhat | 2 Xdg-user-dirs, Enterprise Linux | 2024-08-05 | N/A |
It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux. | ||||
CVE-2017-14975 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-08-05 | N/A |
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack. | ||||
CVE-2017-14977 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-08-05 | N/A |
The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. | ||||
CVE-2017-14976 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-08-05 | N/A |
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack. | ||||
CVE-2017-14929 | 1 Freedesktop | 1 Poppler | 2024-08-05 | N/A |
In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519. | ||||
CVE-2017-14928 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-08-05 | 5.5 Medium |
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. | ||||
CVE-2017-14926 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-08-05 | 5.5 Medium |
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document. | ||||
CVE-2017-14927 | 1 Freedesktop | 1 Poppler | 2024-08-05 | N/A |
In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. | ||||
CVE-2017-14519 | 1 Freedesktop | 1 Poppler | 2024-08-05 | N/A |
In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). | ||||
CVE-2017-14518 | 1 Freedesktop | 1 Poppler | 2024-08-05 | N/A |
In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document. | ||||
CVE-2017-14520 | 1 Freedesktop | 1 Poppler | 2024-08-05 | N/A |
In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files. | ||||
CVE-2017-14517 | 1 Freedesktop | 1 Poppler | 2024-08-05 | N/A |
In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. | ||||
CVE-2017-9865 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-08-05 | N/A |
The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc. | ||||
CVE-2017-9776 | 3 Debian, Freedesktop, Redhat | 9 Debian Linux, Poppler, Enterprise Linux and 6 more | 2024-08-05 | N/A |
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. | ||||
CVE-2017-9775 | 3 Debian, Freedesktop, Redhat | 9 Debian Linux, Poppler, Enterprise Linux and 6 more | 2024-08-05 | N/A |
Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. |