Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xpdfreader | xpdf | 3.02 |
| apple | cups | * |
| gpdf_project | gpdf | * |
| freedesktop | poppler | * |
| debian | debian_linux | 4.0 |
| canonical | ubuntu_linux | 7.04 |
| canonical | ubuntu_linux | 6.06 |
| canonical | ubuntu_linux | 6.10 |
| debian | debian_linux | 3.1 |
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mandrakesoft | mandrake_linux | 2008.0 |
| freedesktop | dbus | * |
| redhat | enterprise_linux | 5.0 |
| mandrakesoft | mandrake_linux | 2007 |
| mandrakesoft | mandrake_linux | 2007.1 |
| mandrakesoft | mandrake_linux | 2007.0_x86_64 |
| redhat | enterprise_linux | 5 |
| fedoraproject | fedora | 7 |
Format string vulnerability in the grant helper (polkit-grant-helper.c) in PolicyKit 0.7 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-134,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | policykit | 0.6 |
| freedesktop | policykit | * |
The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | dbus | 1.0.2 |
| freedesktop | dbus | 0.31 |
| freedesktop | dbus | 0.61 |
| freedesktop | dbus | 0.8 |
| freedesktop | dbus | 0.20 |
| freedesktop | dbus | 0.62 |
| freedesktop | dbus | 0.90 |
| freedesktop | dbus | 0.60 |
| freedesktop | dbus | 0.92 |
| freedesktop | dbus | 1.1.20 |
| freedesktop | dbus | 0.21 |
| freedesktop | dbus | 0.35.1 |
| freedesktop | dbus | 0.3 |
| freedesktop | dbus | 1.1.2 |
| freedesktop | dbus | 0.34 |
| freedesktop | dbus | 1.1.4 |
| freedesktop | dbus | 0.36.2 |
| freedesktop | dbus | 0.36.1 |
| freedesktop | dbus | 1.1.0 |
| freedesktop | dbus | 0.6 |
| freedesktop | dbus | 0.33 |
| freedesktop | dbus | * |
| freedesktop | dbus | 0.23.2 |
| freedesktop | dbus | 0.9 |
| freedesktop | dbus | 0.35.2 |
| freedesktop | dbus | 0.10 |
| freedesktop | dbus | 1.1.1 |
| freedesktop | dbus | 0.1 |
| freedesktop | dbus | 0.12 |
| freedesktop | dbus | 0.5 |
| freedesktop | dbus | 0.91 |
| freedesktop | dbus | 0.36 |
| freedesktop | dbus | 0.7 |
| freedesktop | dbus | 0.23 |
| freedesktop | dbus | 0.23.3 |
| freedesktop | dbus | 1.0 |
| freedesktop | dbus | 1.2.1 |
| freedesktop | dbus | 0.4 |
| freedesktop | dbus | 0.35 |
| freedesktop | dbus | 0.23.1 |
| freedesktop | dbus | 0.2 |
| freedesktop | dbus | 0.13 |
| freedesktop | dbus | 0.11 |
| freedesktop | dbus | 0.22 |
| freedesktop | dbus | 0.32 |
| freedesktop | dbus | 0.50 |
pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | policykit | 0.96 |
probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a certain file under /dev/.udev/db/.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | udisks | * |
DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | dbus-glib | 0.73 |
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 13 |
| canonical | ubuntu_linux | 10.10 |
| xpdfreader | xpdf | 3.02 |
| canonical | ubuntu_linux | 10.04 |
| debian | debian_linux | 6.0 |
| freedesktop | poppler | * |
| canonical | ubuntu_linux | 9.04 |
| canonical | ubuntu_linux | 8.04 |
| opensuse | opensuse | 11.3 |
| xpdfreader | xpdf | * |
| apple | cups | * |
| fedoraproject | fedora | 12 |
| canonical | ubuntu_linux | 6.06 |
| fedoraproject | fedora | 14 |
| redhat | enterprise_linux_desktop | 5.0 |
| suse | linux_enterprise_server | 10 |
| debian | debian_linux | 5.0 |
| suse | linux_enterprise_server | 9 |
| redhat | enterprise_linux_server | 5.0 |
| suse | linux_enterprise_server | 11 |
| canonical | ubuntu_linux | 9.10 |
| opensuse | opensuse | 11.2 |
| opensuse | opensuse | 11.1 |
| redhat | enterprise_linux_workstation | 5.0 |
An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | * |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | telepathy_gabble | 0.8.6 |
| freedesktop | telepathy_gabble | 0.8.12 |
| freedesktop | telepathy_gabble | 0.10.3 |
| freedesktop | telepathy_gabble | 0.8.11 |
| freedesktop | telepathy_gabble | 0.11.5 |
| freedesktop | telepathy_gabble | 0.10.1 |
| freedesktop | telepathy_gabble | 0.10.2 |
| freedesktop | telepathy_gabble | 0.8 |
| freedesktop | telepathy_gabble | 0.11.6 |
| freedesktop | telepathy_gabble | 0.10 |
| freedesktop | telepathy_gabble | 0.11.1 |
| freedesktop | telepathy_gabble | 0.8.8 |
| freedesktop | telepathy_gabble | 0.11.3 |
| freedesktop | telepathy_gabble | 0.8.10 |
| freedesktop | telepathy_gabble | 0.8.3 |
| freedesktop | telepathy_gabble | 0.8.13 |
| freedesktop | telepathy_gabble | 0.8.5 |
| freedesktop | telepathy_gabble | 0.8.14 |
| freedesktop | telepathy_gabble | 0.10.4 |
| freedesktop | telepathy_gabble | 0.8.7 |
| freedesktop | telepathy_gabble | 0.11.2 |
| freedesktop | telepathy_gabble | 0.8.1 |
| freedesktop | telepathy_gabble | 0.8.2 |
| freedesktop | telepathy_gabble | 0.8.9 |
| freedesktop | telepathy_gabble | 0.8.4 |
| freedesktop | telepathy_gabble | 0.11 |
| freedesktop | telepathy_gabble | 0.11.4 |
The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | dbus | 1.5.2 |
| freedesktop | dbus | 1.2.2 |
| freedesktop | dbus | 1.2.20 |
| freedesktop | dbus | 1.2.10 |
| freedesktop | dbus | 1.4.6 |
| freedesktop | dbus | 1.2.3 |
| freedesktop | dbus | 1.4.8 |
| freedesktop | dbus | 1.2.12 |
| freedesktop | dbus | 1.2.8 |
| freedesktop | dbus | 1.2.18 |
| freedesktop | dbus | 1.2.22 |
| freedesktop | dbus | 1.5.0 |
| d-bus_project | d-bus | 1.2.4.4 |
| freedesktop | dbus | 1.2.4 |
| d-bus_project | d-bus | 1.2.4.6 |
| freedesktop | dbus | 1.4.1 |
| freedesktop | dbus | 1.4.4 |
| freedesktop | dbus | 1.2.14 |
| freedesktop | dbus | 1.2.24 |
| freedesktop | dbus | 1.2.26 |
| freedesktop | dbus | 1.2.6 |
| freedesktop | dbus | 1.2.16 |
| freedesktop | dbus | 1.2.1 |
| freedesktop | dbus | 1.4.0 |
| d-bus_project | d-bus | 1.2.4.2 |
| freedesktop | dbus | 1.4.10 |
The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | dbus | 1.2.20 |
| freedesktop | dbus | 1.2.10 |
| freedesktop | dbus | 1.2.14 |
| freedesktop | dbus | 1.2.3 |
| freedesktop | dbus | 1.2.12 |
| freedesktop | dbus | 1.2.24 |
| freedesktop | dbus | 1.2.26 |
| freedesktop | dbus | 1.2.8 |
| freedesktop | dbus | 1.2.18 |
| freedesktop | dbus | 1.2.6 |
| freedesktop | dbus | 1.2.22 |
| freedesktop | dbus | 1.2.16 |
| freedesktop | dbus | 1.2.1 |
| freedesktop | dbus | 1.2.4 |
Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | colord | * |
| freedesktop | colord | 0.1.8 |
| freedesktop | colord | 0.1.12 |
| freedesktop | colord | 0.1.1 |
| freedesktop | colord | 0.1.11 |
| freedesktop | colord | 0.1.10 |
| freedesktop | colord | 0.1.2 |
| freedesktop | colord | 0.1.3 |
| freedesktop | colord | 0.1.9 |
| freedesktop | colord | 0.1.13 |
| freedesktop | colord | 0.1.7 |
| freedesktop | colord | 0.1.6 |
| freedesktop | colord | 0.1.5 |
| freedesktop | colord | 0.1.4 |
| freedesktop | colord | 0.1.0 |
libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | libdbus | 1.5.4 |
| freedesktop | libdbus | 1.5.10 |
| freedesktop | libdbus | 1.5.0 |
| freedesktop | libdbus | 1.5.8 |
| freedesktop | libdbus | 1.5.2 |
| freedesktop | libdbus | 1.5.6 |
| freedesktop | libdbus | * |
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | spice-gtk | - |
| gtk | libgio | - |
The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | dbus-glib | 0.90 |
| freedesktop | dbus-glib | 0.94 |
| freedesktop | dbus-glib | 0.74 |
| freedesktop | dbus-glib | 0.92 |
| freedesktop | dbus-glib | * |
| freedesktop | dbus-glib | 0.86 |
| freedesktop | dbus-glib | 0.88 |
| freedesktop | dbus-glib | 0.84 |
| freedesktop | dbus-glib | 0.96 |
| freedesktop | dbus-glib | 0.72 |
| freedesktop | dbus-glib | 0.73 |
| freedesktop | dbus-glib | 0.76 |
| freedesktop | dbus-glib | 0.82 |
| freedesktop | dbus-glib | 0.80 |
| freedesktop | dbus-glib | 0.78 |
| freedesktop | dbus-glib | 0.98 |
poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | * |
splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | * |
poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | * |
The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | dbus | 1.4.4 |
| freedesktop | dbus | 1.7.0 |
| freedesktop | dbus | 1.4.12 |
| freedesktop | dbus | 1.6.6 |
| freedesktop | dbus | 1.4.6 |
| freedesktop | dbus | 1.4.8 |
| freedesktop | dbus | 1.4.24 |
| freedesktop | dbus | 1.6.2 |
| freedesktop | dbus | 1.4.20 |
| freedesktop | dbus | 1.6.10 |
| freedesktop | dbus | 1.4.18 |
| freedesktop | dbus | 1.7.2 |
| freedesktop | dbus | 1.6.4 |
| freedesktop | dbus | 1.6.0 |
| opensuse | opensuse | 12.3 |
| freedesktop | dbus | 1.4.0 |
| freedesktop | dbus | 1.4.10 |
| freedesktop | dbus | 1.6.8 |
| freedesktop | dbus | 1.6.16 |
| freedesktop | dbus | 1.4.1 |
| freedesktop | dbus | 1.4.14 |
| freedesktop | dbus | 1.4.16 |
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.24.1 |
| freedesktop | poppler | * |
| freedesktop | poppler | 0.24.2 |
| freedesktop | poppler | 0.24.0 |
Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.8.4 |
| freedesktop | poppler | 0.3.3 |
| freedesktop | poppler | 0.8.2 |
| freedesktop | poppler | 0.20.5 |
| freedesktop | poppler | 0.18.0 |
| freedesktop | poppler | 0.12.1 |
| freedesktop | poppler | 0.4.4 |
| freedesktop | poppler | 0.22.0 |
| freedesktop | poppler | 0.20.0 |
| freedesktop | poppler | 0.19.0 |
| freedesktop | poppler | 0.13.2 |
| freedesktop | poppler | 0.21.4 |
| freedesktop | poppler | 0.22.2 |
| freedesktop | poppler | 0.15.0 |
| freedesktop | poppler | 0.11.1 |
| freedesktop | poppler | 0.20.1 |
| freedesktop | poppler | 0.23.4 |
| freedesktop | poppler | 0.10.7 |
| freedesktop | poppler | 0.12.0 |
| freedesktop | poppler | 0.15.1 |
| freedesktop | poppler | 0.3.2 |
| freedesktop | poppler | 0.21.1 |
| freedesktop | poppler | 0.5.2 |
| freedesktop | poppler | 0.8.5 |
| freedesktop | poppler | 0.6.1 |
| freedesktop | poppler | 0.1.1 |
| freedesktop | poppler | 0.18.4 |
| freedesktop | poppler | 0.16.5 |
| freedesktop | poppler | 0.5.91 |
| freedesktop | poppler | 0.20.3 |
| freedesktop | poppler | 0.16.6 |
| freedesktop | poppler | 0.23.0 |
| freedesktop | poppler | 0.12.2 |
| freedesktop | poppler | 0.7.1 |
| freedesktop | poppler | 0.6.0 |
| freedesktop | poppler | 0.7.3 |
| freedesktop | poppler | 0.11.3 |
| freedesktop | poppler | * |
| freedesktop | poppler | 0.19.2 |
| freedesktop | poppler | 0.10.4 |
| freedesktop | poppler | 0.15.3 |
| freedesktop | poppler | 0.12.4 |
| freedesktop | poppler | 0.17.0 |
| freedesktop | poppler | 0.23.2 |
| freedesktop | poppler | 0.20.2 |
| freedesktop | poppler | 0.17.4 |
| freedesktop | poppler | 0.16.1 |
| freedesktop | poppler | 0.14.3 |
| freedesktop | poppler | 0.21.0 |
| freedesktop | poppler | 0.24.0 |
| freedesktop | poppler | 0.21.3 |
| freedesktop | poppler | 0.3.1 |
| freedesktop | poppler | 0.9.3 |
| freedesktop | poppler | 0.10.5 |
| freedesktop | poppler | 0.19.3 |
| freedesktop | poppler | 0.20.4 |
| freedesktop | poppler | 0.13.4 |
| freedesktop | poppler | 0.4.0 |
| freedesktop | poppler | 0.21.2 |
| freedesktop | poppler | 0.1 |
| freedesktop | poppler | 0.14.1 |
| freedesktop | poppler | 0.16.7 |
| freedesktop | poppler | 0.10.0 |
| freedesktop | poppler | 0.8.0 |
| freedesktop | poppler | 0.16.2 |
| freedesktop | poppler | 0.2.0 |
| freedesktop | poppler | 0.17.2 |
| freedesktop | poppler | 0.8.3 |
| freedesktop | poppler | 0.5.4 |
| freedesktop | poppler | 0.5.1 |
| canonical | ubuntu_linux | 14.04 |
| freedesktop | poppler | 0.12.3 |
| freedesktop | poppler | 0.10.6 |
| freedesktop | poppler | 0.22.1 |
| freedesktop | poppler | 0.5.9 |
| freedesktop | poppler | 0.3.0 |
| freedesktop | poppler | 0.14.2 |
| canonical | ubuntu_linux | 12.04 |
| freedesktop | poppler | 0.18.3 |
| freedesktop | poppler | 0.22.3 |
| freedesktop | poppler | 0.18.2 |
| freedesktop | poppler | 0.5.0 |
| freedesktop | poppler | 0.4.3 |
| freedesktop | poppler | 0.10.1 |
| freedesktop | poppler | 0.23.1 |
| freedesktop | poppler | 0.22.4 |
| freedesktop | poppler | 0.23.3 |
| freedesktop | poppler | 0.19.4 |
| freedesktop | poppler | 0.16.4 |
| freedesktop | poppler | 0.5.90 |
| freedesktop | poppler | 0.15.2 |
| canonical | ubuntu_linux | 15.10 |
| freedesktop | poppler | 0.14.4 |
| freedesktop | poppler | 0.18.1 |
| freedesktop | poppler | 0.1.2 |
| freedesktop | poppler | 0.13.1 |
| freedesktop | poppler | 0.7.2 |
| freedesktop | poppler | 0.6.3 |
| freedesktop | poppler | 0.4.2 |
| freedesktop | poppler | 0.5.3 |
| freedesktop | poppler | 0.4.1 |
| freedesktop | poppler | 0.16.3 |
| freedesktop | poppler | 0.16.0 |
| freedesktop | poppler | 0.10.3 |
| freedesktop | poppler | 0.10.2 |
| freedesktop | poppler | 0.11.0 |
| freedesktop | poppler | 0.19.1 |
| freedesktop | poppler | 0.9.2 |
| freedesktop | poppler | 0.8.7 |
| freedesktop | poppler | 0.6.2 |
| freedesktop | poppler | 0.8.6 |
| freedesktop | poppler | 0.11.2 |
| freedesktop | poppler | 0.13.3 |
| freedesktop | poppler | 0.8.1 |
| freedesktop | poppler | 0.6.4 |
| freedesktop | poppler | 0.9.0 |
| freedesktop | poppler | 0.13.0 |
| freedesktop | poppler | 0.14.5 |
| freedesktop | poppler | 0.17.3 |
| freedesktop | poppler | 0.9.1 |
| freedesktop | poppler | 0.7.0 |
| freedesktop | poppler | 0.17.1 |
| freedesktop | poppler | 0.14.0 |
Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.8.4 |
| freedesktop | poppler | 0.3.3 |
| freedesktop | poppler | 0.8.2 |
| freedesktop | poppler | 0.20.5 |
| freedesktop | poppler | 0.18.0 |
| freedesktop | poppler | 0.12.1 |
| freedesktop | poppler | 0.4.4 |
| freedesktop | poppler | 0.22.0 |
| freedesktop | poppler | 0.20.0 |
| freedesktop | poppler | 0.19.0 |
| freedesktop | poppler | 0.13.2 |
| freedesktop | poppler | 0.21.4 |
| freedesktop | poppler | 0.22.2 |
| freedesktop | poppler | 0.15.0 |
| freedesktop | poppler | 0.11.1 |
| freedesktop | poppler | 0.20.1 |
| freedesktop | poppler | 0.23.4 |
| freedesktop | poppler | 0.10.7 |
| freedesktop | poppler | 0.12.0 |
| freedesktop | poppler | 0.15.1 |
| freedesktop | poppler | 0.3.2 |
| freedesktop | poppler | 0.21.1 |
| freedesktop | poppler | 0.5.2 |
| freedesktop | poppler | 0.8.5 |
| freedesktop | poppler | 0.6.1 |
| freedesktop | poppler | 0.1.1 |
| freedesktop | poppler | 0.18.4 |
| freedesktop | poppler | 0.16.5 |
| freedesktop | poppler | 0.5.91 |
| freedesktop | poppler | 0.20.3 |
| freedesktop | poppler | 0.16.6 |
| freedesktop | poppler | 0.23.0 |
| freedesktop | poppler | 0.12.2 |
| freedesktop | poppler | 0.7.1 |
| freedesktop | poppler | 0.6.0 |
| freedesktop | poppler | 0.7.3 |
| freedesktop | poppler | 0.11.3 |
| freedesktop | poppler | * |
| freedesktop | poppler | 0.19.2 |
| freedesktop | poppler | 0.10.4 |
| freedesktop | poppler | 0.15.3 |
| freedesktop | poppler | 0.12.4 |
| freedesktop | poppler | 0.17.0 |
| freedesktop | poppler | 0.23.2 |
| freedesktop | poppler | 0.20.2 |
| freedesktop | poppler | 0.17.4 |
| freedesktop | poppler | 0.16.1 |
| freedesktop | poppler | 0.14.3 |
| freedesktop | poppler | 0.21.0 |
| freedesktop | poppler | 0.24.0 |
| freedesktop | poppler | 0.21.3 |
| freedesktop | poppler | 0.3.1 |
| freedesktop | poppler | 0.9.3 |
| freedesktop | poppler | 0.10.5 |
| freedesktop | poppler | 0.19.3 |
| freedesktop | poppler | 0.20.4 |
| freedesktop | poppler | 0.13.4 |
| freedesktop | poppler | 0.4.0 |
| freedesktop | poppler | 0.21.2 |
| freedesktop | poppler | 0.1 |
| freedesktop | poppler | 0.14.1 |
| freedesktop | poppler | 0.16.7 |
| freedesktop | poppler | 0.10.0 |
| freedesktop | poppler | 0.8.0 |
| freedesktop | poppler | 0.16.2 |
| freedesktop | poppler | 0.2.0 |
| freedesktop | poppler | 0.17.2 |
| freedesktop | poppler | 0.8.3 |
| freedesktop | poppler | 0.5.4 |
| freedesktop | poppler | 0.5.1 |
| canonical | ubuntu_linux | 14.04 |
| freedesktop | poppler | 0.12.3 |
| freedesktop | poppler | 0.10.6 |
| freedesktop | poppler | 0.22.1 |
| freedesktop | poppler | 0.5.9 |
| freedesktop | poppler | 0.3.0 |
| freedesktop | poppler | 0.14.2 |
| canonical | ubuntu_linux | 12.04 |
| freedesktop | poppler | 0.18.3 |
| freedesktop | poppler | 0.22.3 |
| freedesktop | poppler | 0.18.2 |
| freedesktop | poppler | 0.5.0 |
| freedesktop | poppler | 0.4.3 |
| freedesktop | poppler | 0.10.1 |
| freedesktop | poppler | 0.23.1 |
| freedesktop | poppler | 0.22.4 |
| freedesktop | poppler | 0.23.3 |
| freedesktop | poppler | 0.19.4 |
| freedesktop | poppler | 0.16.4 |
| freedesktop | poppler | 0.5.90 |
| freedesktop | poppler | 0.15.2 |
| canonical | ubuntu_linux | 15.10 |
| freedesktop | poppler | 0.14.4 |
| freedesktop | poppler | 0.18.1 |
| freedesktop | poppler | 0.1.2 |
| freedesktop | poppler | 0.13.1 |
| freedesktop | poppler | 0.7.2 |
| freedesktop | poppler | 0.6.3 |
| freedesktop | poppler | 0.4.2 |
| freedesktop | poppler | 0.5.3 |
| freedesktop | poppler | 0.4.1 |
| freedesktop | poppler | 0.16.3 |
| freedesktop | poppler | 0.16.0 |
| freedesktop | poppler | 0.10.3 |
| freedesktop | poppler | 0.10.2 |
| freedesktop | poppler | 0.11.0 |
| freedesktop | poppler | 0.19.1 |
| freedesktop | poppler | 0.9.2 |
| freedesktop | poppler | 0.8.7 |
| freedesktop | poppler | 0.6.2 |
| freedesktop | poppler | 0.8.6 |
| freedesktop | poppler | 0.11.2 |
| freedesktop | poppler | 0.13.3 |
| freedesktop | poppler | 0.8.1 |
| freedesktop | poppler | 0.6.4 |
| freedesktop | poppler | 0.9.0 |
| freedesktop | poppler | 0.13.0 |
| freedesktop | poppler | 0.14.5 |
| freedesktop | poppler | 0.17.3 |
| freedesktop | poppler | 0.9.1 |
| freedesktop | poppler | 0.7.0 |
| freedesktop | poppler | 0.17.1 |
| freedesktop | poppler | 0.14.0 |
The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.14.1 |
| freedesktop | poppler | 0.16.7 |
| freedesktop | poppler | 0.10.0 |
| freedesktop | poppler | 0.16.2 |
| freedesktop | poppler | 0.2.0 |
| freedesktop | poppler | 0.17.2 |
| freedesktop | poppler | 0.20.5 |
| freedesktop | poppler | 0.18.0 |
| freedesktop | poppler | 0.12.1 |
| freedesktop | poppler | 0.12.3 |
| freedesktop | poppler | 0.10.6 |
| freedesktop | poppler | 0.22.0 |
| freedesktop | poppler | 0.22.1 |
| freedesktop | poppler | 0.20.0 |
| freedesktop | poppler | 0.19.0 |
| freedesktop | poppler | 0.13.2 |
| freedesktop | poppler | 0.21.4 |
| freedesktop | poppler | 0.22.2 |
| freedesktop | poppler | 0.15.0 |
| freedesktop | poppler | 0.11.1 |
| freedesktop | poppler | 0.14.2 |
| freedesktop | poppler | 0.20.1 |
| freedesktop | poppler | 0.23.4 |
| freedesktop | poppler | 0.18.3 |
| freedesktop | poppler | 0.22.3 |
| freedesktop | poppler | 0.18.2 |
| freedesktop | poppler | 0.10.7 |
| freedesktop | poppler | 0.10.1 |
| freedesktop | poppler | 0.12.0 |
| freedesktop | poppler | 0.15.1 |
| freedesktop | poppler | 0.23.1 |
| freedesktop | poppler | 0.22.4 |
| freedesktop | poppler | 0.23.3 |
| freedesktop | poppler | 0.19.4 |
| freedesktop | poppler | 0.16.4 |
| freedesktop | poppler | 0.21.1 |
| freedesktop | poppler | 0.15.2 |
| freedesktop | poppler | 0.1.1 |
| freedesktop | poppler | 0.18.4 |
| freedesktop | poppler | 0.16.5 |
| freedesktop | poppler | 0.20.3 |
| freedesktop | poppler | 0.14.4 |
| freedesktop | poppler | 0.18.1 |
| freedesktop | poppler | 0.1.2 |
| freedesktop | poppler | 0.16.6 |
| freedesktop | poppler | 0.23.0 |
| freedesktop | poppler | 0.24.1 |
| freedesktop | poppler | 0.12.2 |
| freedesktop | poppler | 0.13.1 |
| freedesktop | poppler | 0.11.3 |
| freedesktop | poppler | * |
| freedesktop | poppler | 0.19.2 |
| freedesktop | poppler | 0.10.4 |
| freedesktop | poppler | 0.15.3 |
| freedesktop | poppler | 0.12.4 |
| freedesktop | poppler | 0.16.3 |
| freedesktop | poppler | 0.16.0 |
| freedesktop | poppler | 0.17.0 |
| freedesktop | poppler | 0.23.2 |
| freedesktop | poppler | 0.10.3 |
| freedesktop | poppler | 0.20.2 |
| freedesktop | poppler | 0.10.2 |
| freedesktop | poppler | 0.11.0 |
| freedesktop | poppler | 0.17.4 |
| freedesktop | poppler | 0.19.1 |
| freedesktop | poppler | 0.16.1 |
| freedesktop | poppler | 0.14.3 |
| freedesktop | poppler | 0.21.0 |
| freedesktop | poppler | 0.24.0 |
| freedesktop | poppler | 0.21.3 |
| freedesktop | poppler | 0.11.2 |
| freedesktop | poppler | 0.10.5 |
| freedesktop | poppler | 0.13.3 |
| freedesktop | poppler | 0.19.3 |
| freedesktop | poppler | 0.13.0 |
| freedesktop | poppler | 0.24.2 |
| freedesktop | poppler | 0.14.5 |
| freedesktop | poppler | 0.17.3 |
| freedesktop | poppler | 0.20.4 |
| freedesktop | poppler | 0.13.4 |
| freedesktop | poppler | 0.21.2 |
| freedesktop | poppler | 0.1 |
| freedesktop | poppler | 0.17.1 |
| freedesktop | poppler | 0.14.0 |
Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 12.10 |
| canonical | ubuntu_linux | 13.10 |
| freedesktop | udisks | * |
| freedesktop | udisks | 1.0.1 |
| freedesktop | udisks | 2.0.90 |
| freedesktop | udisks | 2.0.92 |
| freedesktop | udisks | 2.1.2 |
| canonical | ubuntu_linux | 12.04 |
| freedesktop | udisks | 2.0.0 |
| freedesktop | udisks | 2.0.91 |
| freedesktop | udisks | 2.1.1 |
| freedesktop | udisks | 1.0 |
| freedesktop | udisks | 2.1.0 |
| freedesktop | udisks | 2.0.1 |
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | dbus | 1.4.22 |
| freedesktop | dbus | 1.2.20 |
| freedesktop | dbus | 1.2.10 |
| freedesktop | dbus | 1.6.6 |
| freedesktop | dbus | 1.4.6 |
| freedesktop | dbus | 1.6.14 |
| freedesktop | dbus | 1.8.0 |
| freedesktop | dbus | 1.2.3 |
| freedesktop | dbus | 1.4.8 |
| freedesktop | dbus | 1.2.12 |
| freedesktop | dbus | 1.2.8 |
| freedesktop | dbus | 1.2.18 |
| freedesktop | dbus | 1.2.22 |
| freedesktop | dbus | 1.6.2 |
| freedesktop | dbus | 1.4.20 |
| d-bus_project | d-bus | 1.2.4.4 |
| freedesktop | dbus | 1.6.18 |
| freedesktop | dbus | 1.6.4 |
| freedesktop | dbus | 1.2.4 |
| d-bus_project | d-bus | 1.2.4.6 |
| freedesktop | dbus | 1.6.16 |
| freedesktop | dbus | 1.4.1 |
| freedesktop | dbus | 1.4.4 |
| freedesktop | dbus | 1.3.0 |
| freedesktop | dbus | 1.4.12 |
| freedesktop | dbus | 1.2.14 |
| freedesktop | dbus | 1.6.12 |
| freedesktop | dbus | 1.2.24 |
| freedesktop | dbus | 1.2.26 |
| freedesktop | dbus | 1.3.1 |
| freedesktop | dbus | 1.4.26 |
| freedesktop | dbus | 1.4.24 |
| freedesktop | dbus | 1.2.28 |
| freedesktop | dbus | 1.2.6 |
| freedesktop | dbus | 1.6.10 |
| freedesktop | dbus | 1.2.16 |
| freedesktop | dbus | 1.2.1 |
| freedesktop | dbus | 1.4.18 |
| freedesktop | dbus | 1.2.30 |
| freedesktop | dbus | 1.6.0 |
| freedesktop | dbus | 1.4.0 |
| freedesktop | dbus | 1.8.2 |
| d-bus_project | d-bus | 1.2.4.2 |
| freedesktop | dbus | 1.4.10 |
| freedesktop | dbus | 1.6.8 |
| freedesktop | dbus | 1.4.14 |
| freedesktop | dbus | 1.4.16 |
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | dbus | * |
| mageia | mageia | 3.0 |
| debian | debian_linux | 7.0 |
| opensuse | opensuse | 12.3 |
| mageia | mageia | 4.0 |
| oracle | solaris | 11.3 |
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | dbus | 1.5.2 |
| freedesktop | dbus | 1.4.22 |
| debian | debian_linux | 7.0 |
| freedesktop | dbus | 1.5.10 |
| freedesktop | dbus | 1.4.6 |
| freedesktop | dbus | 1.6.14 |
| freedesktop | dbus | 1.8.0 |
| freedesktop | dbus | 1.4.8 |
| freedesktop | dbus | 1.6.20 |
| freedesktop | dbus | 1.6.2 |
| freedesktop | dbus | 1.4.20 |
| freedesktop | dbus | 1.5.0 |
| freedesktop | dbus | 1.6.18 |
| mageia_project | mageia | 3 |
| opensuse | opensuse | 12.3 |
| freedesktop | dbus | 1.5.6 |
| freedesktop | dbus | 1.6.16 |
| freedesktop | dbus | 1.4.1 |
| freedesktop | dbus | 1.5.8 |
| freedesktop | dbus | 1.4.4 |
| freedesktop | dbus | 1.3.0 |
| freedesktop | dbus | 1.4.12 |
| freedesktop | dbus | 1.5.12 |
| freedesktop | dbus | 1.8.4 |
| freedesktop | dbus | 1.6.12 |
| freedesktop | dbus | 1.3.1 |
| freedesktop | dbus | 1.4.26 |
| freedesktop | dbus | 1.4.24 |
| freedesktop | dbus | 1.6.10 |
| mageia_project | mageia | 4 |
| freedesktop | dbus | 1.4.18 |
| freedesktop | dbus | 1.6.0 |
| freedesktop | dbus | 1.5.4 |
| freedesktop | dbus | 1.4.0 |
| freedesktop | dbus | 1.8.2 |
| freedesktop | dbus | 1.4.10 |
| freedesktop | dbus | 1.4.14 |
| freedesktop | dbus | 1.4.16 |
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | dbus | 1.6.6 |
| freedesktop | dbus | 1.6.14 |
| freedesktop | dbus | 1.8.0 |
| freedesktop | dbus | 1.8.4 |
| freedesktop | dbus | 1.6.12 |
| freedesktop | dbus | 1.6.20 |
| freedesktop | dbus | 1.6.2 |
| freedesktop | dbus | 1.6.10 |
| freedesktop | dbus | 1.6.18 |
| freedesktop | dbus | 1.8.6 |
| freedesktop | dbus | 1.6.4 |
| freedesktop | dbus | 1.6.0 |
| opensuse | opensuse | 12.3 |
| freedesktop | dbus | 1.8.2 |
| d-bus_project | d-bus | * |
| freedesktop | dbus | 1.6.8 |
| freedesktop | dbus | 1.6.16 |
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.
CVSS 2.0
Severity: LOW
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | dbus | 1.8.6 |
| freedesktop | dbus | 1.8.0 |
| opensuse | opensuse | 12.3 |
| freedesktop | dbus | 1.8.4 |
| freedesktop | dbus | 1.8.2 |
| d-bus_project | d-bus | * |
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.
CVSS 2.0
Severity: LOW
Problem Type: CWE-17,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | dbus | 1.5.2 |
| freedesktop | dbus | 1.4.22 |
| freedesktop | dbus | 1.6.6 |
| freedesktop | dbus | 1.5.10 |
| freedesktop | dbus | 1.4.6 |
| freedesktop | dbus | 1.6.14 |
| freedesktop | dbus | 1.8.0 |
| freedesktop | dbus | 1.4.8 |
| freedesktop | dbus | 1.6.20 |
| freedesktop | dbus | 1.6.2 |
| freedesktop | dbus | 1.4.20 |
| freedesktop | dbus | 1.5.0 |
| freedesktop | dbus | 1.6.18 |
| freedesktop | dbus | 1.8.6 |
| freedesktop | dbus | 1.6.4 |
| opensuse | opensuse | 12.3 |
| freedesktop | dbus | 1.5.6 |
| freedesktop | dbus | 1.6.16 |
| freedesktop | dbus | 1.4.1 |
| freedesktop | dbus | 1.5.8 |
| freedesktop | dbus | 1.4.4 |
| freedesktop | dbus | 1.3.0 |
| freedesktop | dbus | 1.4.12 |
| freedesktop | dbus | 1.5.12 |
| freedesktop | dbus | 1.8.4 |
| freedesktop | dbus | 1.6.12 |
| freedesktop | dbus | 1.3.1 |
| freedesktop | dbus | 1.4.26 |
| freedesktop | dbus | 1.4.24 |
| freedesktop | dbus | 1.6.10 |
| freedesktop | dbus | 1.4.18 |
| freedesktop | dbus | 1.6.0 |
| freedesktop | dbus | 1.5.4 |
| freedesktop | dbus | 1.4.0 |
| freedesktop | dbus | 1.8.2 |
| freedesktop | dbus | 1.6.22 |
| freedesktop | dbus | 1.4.10 |
| freedesktop | dbus | 1.6.8 |
| freedesktop | dbus | 1.4.14 |
| freedesktop | dbus | 1.4.16 |
The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.
CVSS 2.0
Severity: LOW
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | dbus | 1.6.6 |
| freedesktop | dbus | 1.6.14 |
| freedesktop | dbus | 1.8.0 |
| freedesktop | dbus | 1.8.4 |
| freedesktop | dbus | 1.6.12 |
| freedesktop | dbus | 1.6.20 |
| freedesktop | dbus | 1.6.2 |
| freedesktop | dbus | 1.6.10 |
| freedesktop | dbus | 1.6.18 |
| freedesktop | dbus | 1.8.6 |
| freedesktop | dbus | 1.6.4 |
| freedesktop | dbus | 1.6.0 |
| opensuse | opensuse | 12.3 |
| freedesktop | dbus | 1.8.2 |
| d-bus_project | d-bus | * |
| freedesktop | dbus | 1.6.8 |
| freedesktop | dbus | 1.6.16 |
The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.
CVSS 2.0
Severity: LOW
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | dbus | 1.6.6 |
| freedesktop | dbus | 1.6.14 |
| freedesktop | dbus | 1.8.0 |
| freedesktop | dbus | 1.8.4 |
| freedesktop | dbus | 1.6.12 |
| freedesktop | dbus | 1.6.20 |
| freedesktop | dbus | 1.6.2 |
| freedesktop | dbus | 1.6.10 |
| freedesktop | dbus | 1.6.18 |
| freedesktop | dbus | 1.8.6 |
| freedesktop | dbus | 1.6.4 |
| freedesktop | dbus | 1.6.0 |
| opensuse | opensuse | 12.3 |
| freedesktop | dbus | 1.8.2 |
| d-bus_project | d-bus | * |
| freedesktop | dbus | 1.6.8 |
| freedesktop | dbus | 1.6.16 |
D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.
CVSS 2.0
Severity: LOW
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 7.0 |
| freedesktop | dbus | 1.6.6 |
| freedesktop | dbus | 1.6.14 |
| freedesktop | dbus | 1.8.0 |
| freedesktop | dbus | 1.6.24 |
| canonical | ubuntu_linux | 14.10 |
| freedesktop | dbus | 1.6.20 |
| freedesktop | dbus | 1.6.2 |
| canonical | ubuntu_linux | 14.04 |
| freedesktop | dbus | 1.6.18 |
| freedesktop | dbus | 1.8.6 |
| freedesktop | dbus | 1.6.4 |
| mageia_project | mageia | 3 |
| freedesktop | dbus | 1.6.16 |
| freedesktop | dbus | 1.8.4 |
| freedesktop | dbus | 1.6.12 |
| canonical | ubuntu_linux | 12.04 |
| freedesktop | dbus | 1.6.10 |
| mageia_project | mageia | 4 |
| freedesktop | dbus | 1.8.8 |
| freedesktop | dbus | 1.6.0 |
| freedesktop | dbus | 1.8.2 |
| freedesktop | dbus | 1.6.22 |
| freedesktop | dbus | 1.9.0 |
| debian | debian_linux | 8.0 |
| freedesktop | dbus | 1.6.8 |
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.
CVSS 2.0
Severity: LOW
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.1 |
| freedesktop | dbus | 1.4.6 |
| freedesktop | dbus | 1.8.0 |
| freedesktop | dbus | 1.9.8 |
| freedesktop | dbus | 1.4.8 |
| freedesktop | dbus | 1.6.20 |
| freedesktop | dbus | 1.4.20 |
| freedesktop | dbus | 1.5.0 |
| freedesktop | dbus | 1.6.4 |
| freedesktop | dbus | 1.8.12 |
| freedesktop | dbus | 1.5.6 |
| freedesktop | dbus | 1.4.4 |
| freedesktop | dbus | 1.4.12 |
| opensuse | opensuse | 13.2 |
| freedesktop | dbus | 1.6.12 |
| freedesktop | dbus | 1.4.24 |
| freedesktop | dbus | 1.6.10 |
| freedesktop | dbus | 1.4.18 |
| freedesktop | dbus | 1.8.8 |
| freedesktop | dbus | 1.9.0 |
| freedesktop | dbus | 1.4.10 |
| freedesktop | dbus | 1.4.16 |
| freedesktop | dbus | 1.5.2 |
| freedesktop | dbus | 1.6.6 |
| freedesktop | dbus | 1.5.10 |
| freedesktop | dbus | 1.6.14 |
| freedesktop | dbus | 1.6.28 |
| freedesktop | dbus | 1.6.24 |
| freedesktop | dbus | 1.9.6 |
| freedesktop | dbus | 1.8.10 |
| freedesktop | dbus | 1.6.2 |
| freedesktop | dbus | 1.6.18 |
| freedesktop | dbus | 1.8.6 |
| freedesktop | dbus | 1.9.4 |
| freedesktop | dbus | 1.6.16 |
| freedesktop | dbus | 1.4.1 |
| freedesktop | dbus | 1.5.8 |
| freedesktop | dbus | 1.9.2 |
| freedesktop | dbus | 1.5.12 |
| freedesktop | dbus | 1.6.26 |
| freedesktop | dbus | 1.8.4 |
| freedesktop | dbus | 1.4.26 |
| freedesktop | dbus | 1.8.14 |
| freedesktop | dbus | 1.6.0 |
| freedesktop | dbus | 1.5.4 |
| freedesktop | dbus | 1.4.0 |
| freedesktop | dbus | 1.8.2 |
| freedesktop | dbus | 1.6.22 |
| freedesktop | dbus | 1.6.8 |
| freedesktop | dbus | 1.4.14 |
The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 7.0 |
| freedesktop | xdg-utils | 1.1.0 |
| debian | debian_linux | 8.0 |
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 15.10 |
| debian | debian_linux | 8.0 |
| fedoraproject | fedora | 23 |
| freedesktop | poppler | 0.39.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 24 |
| canonical | ubuntu_linux | 18.04 |
| freedesktop | libbsd | * |
| canonical | ubuntu_linux | 19.04 |
| fedoraproject | fedora | 25 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H | 1.1 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-116,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 6.0 |
| freedesktop | polkit | * |
| redhat | enterprise_linux | 7.0 |
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 7.0 |
| freedesktop | poppler | 0.60.1 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.59.0 |
In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.59.0 |
In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.59.0 |
In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.59.0 |
In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.59.0 |
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.59.0 |
| debian | debian_linux | 9.0 |
In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.59.0 |
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.59.0 |
| debian | debian_linux | 9.0 |
In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.59.0 |
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 7.0 |
| freedesktop | poppler | 0.59.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 7.0 |
| freedesktop | poppler | 0.59.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 7.0 |
| freedesktop | poppler | 0.59.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,CWE-276,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 7.0 |
| freedesktop | xdg-user-dirs | * |
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 7.0 |
| freedesktop | poppler | 0.59.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-74,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 17.10 |
| freedesktop | xdg-utils | * |
| debian | debian_linux | 7.0 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 16.04 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 14.04 |
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 17.10 |
| redhat | ansible_tower | 3.3 |
| canonical | ubuntu_linux | 18.04 |
| freedesktop | poppler | * |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
CVSS 2.0
Severity: LOW
Problem Type: CWE-331,CWE-331,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.5 |
| freedesktop | libice | * |
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.53.0 |
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.53.0 |
An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.53.0 |
Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length and offlen values, which trigger an out-of-bounds access.
CVSS 2.0
Severity: LOW
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | virglrenderer | * |
poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.20.5 |
| freedesktop | poppler | 0.18.0 |
| freedesktop | poppler | 0.29.0 |
| freedesktop | poppler | 0.42.0 |
| freedesktop | poppler | 0.22.0 |
| freedesktop | poppler | 0.22.1 |
| freedesktop | poppler | 0.20.0 |
| freedesktop | poppler | 0.19.0 |
| freedesktop | poppler | 0.21.4 |
| freedesktop | poppler | 0.22.2 |
| freedesktop | poppler | 0.31.0 |
| freedesktop | poppler | 0.33.0 |
| freedesktop | poppler | 0.54.0 |
| freedesktop | poppler | 0.45.0 |
| freedesktop | poppler | 0.20.1 |
| freedesktop | poppler | 0.23.4 |
| freedesktop | poppler | 0.25.1 |
| freedesktop | poppler | 0.39.0 |
| freedesktop | poppler | 0.43.0 |
| freedesktop | poppler | 0.26.5 |
| freedesktop | poppler | 0.18.3 |
| freedesktop | poppler | 0.22.3 |
| freedesktop | poppler | 0.26.3 |
| freedesktop | poppler | 0.53.0 |
| freedesktop | poppler | 0.18.2 |
| freedesktop | poppler | 0.52.0 |
| freedesktop | poppler | 0.23.1 |
| freedesktop | poppler | 0.22.4 |
| freedesktop | poppler | 0.23.3 |
| freedesktop | poppler | 0.19.4 |
| freedesktop | poppler | 0.50.0 |
| freedesktop | poppler | 0.24.4 |
| freedesktop | poppler | 0.21.1 |
| freedesktop | poppler | 0.26.4 |
| freedesktop | poppler | 0.37.0 |
| freedesktop | poppler | 0.55.0 |
| freedesktop | poppler | 0.30.0 |
| freedesktop | poppler | 0.18.4 |
| freedesktop | poppler | 0.47.0 |
| freedesktop | poppler | 0.25.0 |
| freedesktop | poppler | 0.44.0 |
| freedesktop | poppler | 0.20.3 |
| freedesktop | poppler | 0.49.0 |
| freedesktop | poppler | 0.26.2 |
| freedesktop | poppler | 0.18.1 |
| freedesktop | poppler | 0.23.0 |
| freedesktop | poppler | 0.46.0 |
| freedesktop | poppler | 0.24.1 |
| freedesktop | poppler | 0.25.3 |
| freedesktop | poppler | 0.38.0 |
| freedesktop | poppler | 0.22.5 |
| freedesktop | poppler | 0.28.1 |
| freedesktop | poppler | 0.26.1 |
| freedesktop | poppler | 0.28.0 |
| freedesktop | poppler | 0.19.2 |
| freedesktop | poppler | 0.36.0 |
| freedesktop | poppler | 0.24.3 |
| freedesktop | poppler | 0.23.2 |
| freedesktop | poppler | 0.20.2 |
| freedesktop | poppler | 0.35.0 |
| freedesktop | poppler | 0.17.4 |
| freedesktop | poppler | 0.19.1 |
| freedesktop | poppler | 0.21.0 |
| freedesktop | poppler | 0.24.0 |
| freedesktop | poppler | 0.21.3 |
| freedesktop | poppler | 0.41.0 |
| freedesktop | poppler | 0.32.0 |
| freedesktop | poppler | 0.19.3 |
| freedesktop | poppler | 0.25.2 |
| freedesktop | poppler | 0.24.2 |
| freedesktop | poppler | 0.17.3 |
| freedesktop | poppler | 0.20.4 |
| freedesktop | poppler | 0.26.0 |
| freedesktop | poppler | 0.21.2 |
| freedesktop | poppler | 0.48.0 |
| freedesktop | poppler | 0.34.0 |
| freedesktop | poppler | 0.40.0 |
| freedesktop | poppler | 0.24.5 |
| freedesktop | poppler | 0.51.0 |
poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-674,CWE-674,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | * |
poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.54.0 |
In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.54.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.54.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.4 |
| redhat | enterprise_linux_server_aus | 7.4 |
| freedesktop | poppler | * |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_aus | 7.6 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_eus | 7.4 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux_server_eus | 7.5 |
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.4 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_server_aus | 7.4 |
| freedesktop | poppler | * |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server_aus | 7.6 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server_eus | 7.4 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux_server_eus | 7.5 |
The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.54.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | ansible_tower | 3.3 |
| freedesktop | poppler | * |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| canonical | ubuntu_linux | 14.04 |
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| freedesktop | poppler | * |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| canonical | ubuntu_linux | 16.04 |
| redhat | openshift_container_platform | 3.11 |
| canonical | ubuntu_linux | 14.04 |
| redhat | ansible_tower | 3.3.0 |
Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | accountsservice | * |
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.10 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 16.04 |
| freedesktop | poppler | 0.68.0 |
| canonical | ubuntu_linux | 14.04 |
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-134,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| freedesktop | udisks | 2.8.0 |
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.10 |
| canonical | ubuntu_linux | 18.04 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server_tus | 8.6 |
| redhat | enterprise_linux_server_aus | 8.4 |
| redhat | enterprise_linux_eus | 8.6 |
| redhat | enterprise_linux_eus | 8.4 |
| freedesktop | poppler | 0.71.0 |
| redhat | enterprise_linux_eus | 8.1 |
| canonical | ubuntu_linux | 19.04 |
| redhat | enterprise_linux_server_tus | 8.4 |
| redhat | enterprise_linux_server_aus | 8.2 |
| redhat | enterprise_linux_server | 7.0 |
| debian | debian_linux | 10.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| canonical | ubuntu_linux | 16.04 |
| redhat | enterprise_linux_eus | 8.2 |
| redhat | enterprise_linux_server_aus | 8.6 |
| redhat | enterprise_linux_server_tus | 8.2 |
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-670,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.10 |
| freedesktop | poppler | 0.71.0 |
| canonical | ubuntu_linux | 18.04 |
| redhat | enterprise_linux_server | 7.0 |
| debian | debian_linux | 10.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| canonical | ubuntu_linux | 16.04 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 14.04 |
An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.10 |
| freedesktop | poppler | 0.71.0 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.10 |
| freedesktop | poppler | 0.71.0 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.10 |
| canonical | ubuntu_linux | 18.04 |
| freedesktop | poppler | * |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.10 |
| freedesktop | poppler | 0.72.0 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.10 |
| freedesktop | poppler | 0.72.0 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.10 |
| freedesktop | poppler | 0.72.0 |
| canonical | ubuntu_linux | 18.04 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server_tus | 8.6 |
| redhat | enterprise_linux_server_aus | 8.4 |
| canonical | ubuntu_linux | 14.04 |
| redhat | enterprise_linux_eus | 8.6 |
| redhat | enterprise_linux_eus | 8.4 |
| redhat | enterprise_linux_eus | 8.1 |
| redhat | enterprise_linux_server_tus | 8.4 |
| redhat | enterprise_linux_server_aus | 8.2 |
| redhat | enterprise_linux_server | 7.0 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| canonical | ubuntu_linux | 16.04 |
| redhat | enterprise_linux_eus | 8.2 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux_server_aus | 8.6 |
| redhat | enterprise_linux_server_tus | 8.2 |
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.10 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_server_aus | 8.4 |
| fedoraproject | fedora | 28 |
| redhat | enterprise_linux_eus | 8.6 |
| redhat | enterprise_linux_eus | 8.4 |
| fedoraproject | fedora | 29 |
| canonical | ubuntu_linux | 19.04 |
| redhat | enterprise_linux_server_tus | 8.4 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_eus | 8.2 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux_server_aus | 8.6 |
| freedesktop | poppler | 0.72.0 |
| canonical | ubuntu_linux | 18.04 |
| redhat | enterprise_linux_desktop | 7.0 |
| fedoraproject | fedora | 30 |
| redhat | enterprise_linux_server_tus | 8.6 |
| redhat | enterprise_linux_eus | 8.1 |
| redhat | enterprise_linux_server_aus | 8.2 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| canonical | ubuntu_linux | 16.04 |
| redhat | enterprise_linux_server_tus | 8.2 |
Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | * |
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.74.0 |
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.74.0 |
An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.74.0 |
FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-674,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 29 |
| fedoraproject | fedora | 30 |
| freedesktop | poppler | 0.75.0 |
| fedoraproject | fedora | 28 |
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | * |
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.10 |
| freedesktop | dbus | * |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 16.04 |
An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 19.04 |
| freedesktop | poppler | * |
| debian | debian_linux | 10.0 |
| fedoraproject | fedora | 31 |
| redhat | enterprise_linux | 8.0 |
| fedoraproject | fedora | 30 |
| redhat | enterprise_linux | 7.0 |
| debian | debian_linux | 9.0 |
nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 3.9 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| freedesktop | libbsd | * |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 12.04 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 14.04 |
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,CWE-681,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.10 |
| canonical | ubuntu_linux | 18.04 |
| freedesktop | poppler | 0.73.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server_aus | 8.4 |
| canonical | ubuntu_linux | 14.04 |
| fedoraproject | fedora | 28 |
| redhat | enterprise_linux_eus | 8.4 |
| redhat | enterprise_linux_eus | 8.1 |
| redhat | enterprise_linux_server_tus | 8.4 |
| redhat | enterprise_linux_server_aus | 8.2 |
| redhat | enterprise_linux_server | 7.0 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| canonical | ubuntu_linux | 16.04 |
| redhat | enterprise_linux_eus | 8.2 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux_server_tus | 8.2 |
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.10 |
| canonical | ubuntu_linux | 18.04 |
| freedesktop | poppler | 0.74.0 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-674,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.74.0 |
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-674,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.74.0 |
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 29 |
| freedesktop | poppler | 0.74.0 |
| fedoraproject | fedora | 30 |
| debian | debian_linux | 8.0 |
| fedoraproject | fedora | 28 |
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.10 |
| canonical | ubuntu_linux | 18.04 |
| freedesktop | poppler | 0.74.0 |
| redhat | enterprise_linux | 8.0 |
| fedoraproject | fedora | 30 |
| redhat | enterprise_linux_server_tus | 8.6 |
| redhat | enterprise_linux_server_aus | 8.4 |
| fedoraproject | fedora | 28 |
| redhat | enterprise_linux_eus | 8.6 |
| redhat | enterprise_linux_eus | 8.4 |
| fedoraproject | fedora | 29 |
| redhat | enterprise_linux_eus | 8.1 |
| canonical | ubuntu_linux | 19.04 |
| redhat | enterprise_linux_server_tus | 8.4 |
| redhat | enterprise_linux_server_aus | 8.2 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 16.04 |
| redhat | enterprise_linux_eus | 8.2 |
| redhat | enterprise_linux_server_aus | 8.6 |
| redhat | enterprise_linux_server_tus | 8.2 |
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 8.0 |
| fedoraproject | fedora | 30 |
| redhat | enterprise_linux_server_tus | 8.6 |
| redhat | enterprise_linux_server_aus | 8.4 |
| redhat | enterprise_linux_eus | 8.6 |
| redhat | enterprise_linux_eus | 8.4 |
| fedoraproject | fedora | 29 |
| redhat | enterprise_linux_eus | 8.1 |
| redhat | enterprise_linux_server_tus | 8.4 |
| redhat | enterprise_linux_server_aus | 8.2 |
| freedesktop | poppler | * |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_eus | 8.2 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux_server_aus | 8.6 |
| redhat | enterprise_linux_server_tus | 8.2 |
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-404,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | dbus | * |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 19.10 |
| canonical | ubuntu_linux | 20.04 |
| canonical | ubuntu_linux | 14.04 |
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
| security@ubuntu.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-269,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | accountsservice | * |
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@ubuntu.com | 2.8 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L | 1.3 | 1.4 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | accountsservice | * |
Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.75.0 |
Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 0.89.0 |
| debian | debian_linux | 10.0 |
A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-201,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | xdg-utils | * |
A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-824,CWE-824,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | * |
| debian | debian_linux | 10.0 |
| redhat | enterprise_linux | 8.0 |
A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | dbus | 1.12.20 |
DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 20.12.1 |
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 20.12.1 |
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 20.12.1 |
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| apple | mac_os_x | * |
| xpdfreader | xpdf | * |
| freedesktop | poppler | * |
| apple | watchos | * |
| apple | iphone_os | * |
| apple | ipados | * |
| apple | macos | * |
| apple | mac_os_x | 10.15.7 |
A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | gst-plugins-bad | * |
A format string vulnerability was found in libinput
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-134,CWE-134,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | libinput | * |
| freedesktop | libinput | 1.20.0 |
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| fedoraproject | fedora | 36 |
| debian | debian_linux | 11.0 |
| freedesktop | poppler | 22.03.0 |
ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | freetype_demo_programs | * |
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 22.07.0 |
| debian | debian_linux | 10.0 |
An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 22.07.0 |
| debian | debian_linux | 10.0 |
A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 22.07.0 |
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | * |
| xpdfreader | xpdf | 4.04 |
An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | 22.08.0 |
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 35 |
| freedesktop | poppler | * |
| debian | debian_linux | 10.0 |
| fedoraproject | fedora | 36 |
| debian | debian_linux | 11.0 |
| fedoraproject | fedora | 37 |
When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | xdg-utils | * |
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | dbus | * |
| fedoraproject | fedora | 35 |
| d-bus_project | d-bus | * |
| fedoraproject | fedora | 36 |
| fedoraproject | fedora | 37 |
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | dbus | * |
| fedoraproject | fedora | 35 |
| d-bus_project | d-bus | * |
| fedoraproject | fedora | 36 |
| fedoraproject | fedora | 37 |
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | dbus | * |
| fedoraproject | fedora | 35 |
| d-bus_project | d-bus | * |
| fedoraproject | fedora | 36 |
| fedoraproject | fedora | 37 |
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | * |
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | dbus | * |
| debian | debian_linux | 10.0 |
| fedoraproject | fedora | 38 |
libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | * |
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| freedesktop | poppler | * |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 7.0 |
A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| cve@mitre.org | 4.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 2.5 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | * |
Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@mitre.org | 4.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 2.5 | 1.4 |
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 1.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | * |
NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@mitre.org | 4.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N | 2.5 | 1.4 |
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 1.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | * |
An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service (DoS).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | * |
Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | poppler | * |
A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices. This can permanently invalidate encryption keys and render encrypted volumes inaccessible. Successful exploitation results in a denial-of-service condition through irreversible data loss.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 1.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 10.0 |
| freedesktop | udisks | 2.0.0 |
A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 10.0 |
| freedesktop | udisks | 2.0.0 |
A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. This could lead to the attacker monitoring keyboard input and sending that information to an external location.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 2.0 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freedesktop | libinput | * |
| fedoraproject | fedora | 43 |
| fedoraproject | fedora | 44 |