Filtered by vendor Freedesktop
Subscriptions
Total
135 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23804 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-08-04 | 7.5 High |
| Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. | ||||
| CVE-2020-12049 | 3 Canonical, Freedesktop, Redhat | 5 Ubuntu Linux, Dbus, Enterprise Linux and 2 more | 2024-08-04 | 5.5 Medium |
| An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. | ||||
| CVE-2021-30860 | 3 Apple, Freedesktop, Xpdfreader | 7 Ipados, Iphone Os, Mac Os X and 4 more | 2024-08-03 | 7.8 High |
| An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | ||||
| CVE-2021-3185 | 1 Freedesktop | 1 Gst-plugins-bad | 2024-08-03 | 9.8 Critical |
| A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution. | ||||
| CVE-2022-42010 | 3 Fedoraproject, Freedesktop, Redhat | 4 Fedora, Dbus, Enterprise Linux and 1 more | 2024-08-03 | 6.5 Medium |
| An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. | ||||
| CVE-2022-42011 | 3 Fedoraproject, Freedesktop, Redhat | 4 Fedora, Dbus, Enterprise Linux and 1 more | 2024-08-03 | 6.5 Medium |
| An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. | ||||
| CVE-2022-42012 | 3 Fedoraproject, Freedesktop, Redhat | 4 Fedora, Dbus, Enterprise Linux and 1 more | 2024-08-03 | 6.5 Medium |
| An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. | ||||
| CVE-2022-37051 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-08-03 | 6.5 Medium |
| An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file. | ||||
| CVE-2022-37050 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-08-03 | 6.5 Medium |
| In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662. | ||||
| CVE-2022-31782 | 1 Freedesktop | 1 Freetype Demo Programs | 2024-08-03 | 7.8 High |
| ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. | ||||
| CVE-2022-27337 | 4 Debian, Fedoraproject, Freedesktop and 1 more | 4 Debian Linux, Fedora, Poppler and 1 more | 2024-08-03 | 6.5 Medium |
| A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | ||||
| CVE-2022-4055 | 1 Freedesktop | 1 Xdg-utils | 2024-08-03 | 7.4 High |
| When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked. | ||||
| CVE-2022-1215 | 2 Freedesktop, Redhat | 2 Libinput, Enterprise Linux | 2024-08-02 | 7.8 High |
| A format string vulnerability was found in libinput | ||||
| CVE-2023-34969 | 4 Debian, Fedoraproject, Freedesktop and 1 more | 5 Debian Linux, Fedora, Dbus and 2 more | 2024-08-02 | 6.5 Medium |
| D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6. | ||||
| CVE-2023-34872 | 1 Freedesktop | 1 Poppler | 2024-08-02 | 5.5 Medium |
| A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. | ||||