Gentoo Linux Security Advisory 201402-17 - Multiple vulnerabilities in Xpdf could result in execution of arbitrary code. Versions less than or equal to 3.02-r4 are affected.
1f006b1e25e6174b446336d6d342e87c3bc6c5a1719a0776210c16b2b5afe4caGentoo Linux Security Advisory 201310-3 - Multiple vulnerabilities have been found in Poppler, some of which may allow execution of arbitrary code. Versions less than 0.22.2-r1 are affected.
16eefcedc1f920563836019127836503bea995cfd0361da741d9651c6c38a920Mandriva Linux Security Advisory 2012-144 - Multiple vulnerabilities has been found and corrected in tetex. The Gfx::getPos function in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service via unknown vectors that trigger an uninitialized pointer dereference. The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption. Various other issues have also been addressed. The updated packages have been patched to correct these issues.
5c8b23cd2ecf83077e06d18f8f80cd038b4b0c331dd6a9baa869678d5a8dcadfRed Hat Security Advisory 2012-1201-01 - teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent file as output. teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code: Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics files. If a specially-crafted font file was opened by teTeX, it could cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX.
d3248156611725ad0fff7bd788cea1045887a17ec5ff1a6e89904341be92c76eDebian Linux Security Advisory 2135-1 - Joel Voss of Leviathan Security Group discovered two vulnerabilities in xpdf rendering engine, which may lead to the execution of arbitrary code if a malformed PDF file is opened.
08e2892b20cf323e7d84e2a17b2b6793fa3d3356402e188b531beab256a6b2acMandriva Linux Security Advisory 2010-231 - The Gfx::getPos function in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service via unknown vectors that trigger an uninitialized pointer dereference. The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service via a PDF file that triggers an uninitialized pointer dereference. The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption. The updated packages have been patched to correct these issues.
bda0eac3fcc6a27bd488c2139b589c44ca9949767c942af7f2231ba7fa93ed4fMandriva Linux Security Advisory 2010-230 - The Gfx::getPos function in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service via unknown vectors that trigger an uninitialized pointer dereference. The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption.
e9987008241858cdc47d939a6ed07854b592b833cbc729fda00bb009ede7dc7aMandriva Linux Security Advisory 2010-229 - The Gfx::getPos function in the PDF parser in kdegraphics, allows context-dependent attackers to cause a denial of service via unknown vectors that trigger an uninitialized pointer dereference. The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in kdegraphics, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption. The updated packages have been patched to correct these issues.
0284f82e91807e1c0672171f87b87c2b401535241a197f83d996bf4d95e65c31Mandriva Linux Security Advisory 2010-228 - The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, allows context-dependent attackers to cause a denial of service via unknown vectors that trigger an uninitialized pointer dereference. The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption.
c7ea73badedcb929836bc2e5219cb5022c017b5fe4230268ae2adb6ce52c2932Ubuntu Security Notice 1005-1 - It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
aa17a3eeb716db23502d1975ca7e931f955fb299819a5f2e41cd2eefe2cc7f1e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed