Search CVE reports

171 – 180 of 185 results

Detailed view

Sort by:

CVE-2009-0195

Medium priority

Some fixes available 35 of 78

Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.

11 affected packages

gpdf, ipe, kdegraphics, koffice, libextractor...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
gpdf	—	Not in release	Not in release	Not in release	Not in release
ipe	—	Not affected	Not affected	Not affected	Not affected
kdegraphics	—	Not in release	Not in release	Not in release	Not in release
koffice	—	Not in release	Not in release	Not in release	Not in release
libextractor	—	Not affected	Not affected	Not affected	Not affected
pdfkit.framework	—	Not in release	Not in release	Not in release	Not in release
pdftohtml	—	Not in release	Not in release	Not in release	Not in release
poppler	—	Fixed	Fixed	Fixed	Fixed
tetex-bin	—	Not in release	Not in release	Not in release	Not in release
texlive-bin	—	Not affected	Not affected	Not affected	Not affected
xpdf	—	Not affected	Not in release	Not affected	Not affected

CVE-2009-0166

Medium priority

Some fixes available 35 of 78

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.

14 affected packages

cups, cupsys, evince, gpdf, ipe...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cups	—	Not affected	Not affected	Not affected	Not affected
cupsys	—	Not in release	Not in release	Not in release	Not in release
evince	—	Not affected	Not affected	Not affected	Not affected
gpdf	—	Not in release	Not in release	Not in release	Not in release
ipe	—	Not affected	Not affected	Not affected	Not affected
kdegraphics	—	Not in release	Not in release	Not in release	Not in release
koffice	—	Not in release	Not in release	Not in release	Not in release
libextractor	—	Not affected	Not affected	Not affected	Not affected
pdfkit.framework	—	Not in release	Not in release	Not in release	Not in release
pdftohtml	—	Not in release	Not in release	Not in release	Not in release
poppler	—	Fixed	Fixed	Fixed	Fixed
tetex-bin	—	Not in release	Not in release	Not in release	Not in release
texlive-bin	—	Not affected	Not affected	Not affected	Not affected
xpdf	—	Not affected	Not in release	Not affected	Not affected

CVE-2009-0165

Low priority

Some fixes available 2 of 37

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."

11 affected packages

gpdf, ipe, kdegraphics, koffice, libextractor...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
gpdf	—	Not in release	Not in release	Not in release	Not in release
ipe	—	Not affected	Not affected	Not affected	Not affected
kdegraphics	—	Not in release	Not in release	Not in release	Not in release
koffice	—	Not in release	Not in release	Not in release	Not in release
libextractor	—	Not affected	Not affected	Not affected	Not affected
pdfkit.framework	—	Not in release	Not in release	Not in release	Not in release
pdftohtml	—	Not in release	Not in release	Not in release	Not in release
poppler	—	Not affected	Not affected	Not affected	Not affected
tetex-bin	—	Not in release	Not in release	Not in release	Not in release
texlive-bin	—	Not affected	Not affected	Not affected	Not affected
xpdf	—	Not affected	Not in release	Not affected	Not affected

CVE-2009-0147

Medium priority

Some fixes available 21 of 58

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to...

14 affected packages

cups, cupsys, evince, gpdf, ipe...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cups	—	—	—	—	Not affected
cupsys	—	—	—	—	Not in release
evince	—	—	—	—	Not affected
gpdf	—	—	—	—	Not in release
ipe	—	—	—	—	Not affected
kdegraphics	—	—	—	—	Not in release
koffice	—	—	—	—	Not in release
libextractor	—	—	—	—	Not affected
pdfkit.framework	—	—	—	—	Not in release
pdftohtml	—	—	—	—	Not in release
poppler	—	—	—	—	Fixed
tetex-bin	—	—	—	—	Not in release
texlive-bin	—	—	—	—	Not affected
xpdf	—	—	—	—	Not affected

CVE-2009-0146

Medium priority

Some fixes available 21 of 51

Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to...

14 affected packages

cups, cupsys, evince, gpdf, ipe...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cups	—	—	—	—	Not affected
cupsys	—	—	—	—	Not in release
evince	—	—	—	—	Not affected
gpdf	—	—	—	—	Not in release
ipe	—	—	—	—	Not affected
kdegraphics	—	—	—	—	Not in release
koffice	—	—	—	—	Not in release
libextractor	—	—	—	—	Not affected
pdfkit.framework	—	—	—	—	Not in release
pdftohtml	—	—	—	—	Not in release
poppler	—	—	—	—	Fixed
tetex-bin	—	—	—	—	Not in release
texlive-bin	—	—	—	—	Not affected
xpdf	—	—	—	—	Not affected

CVE-2009-1284

Low priority

Some fixes available 3 of 5

Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file.

1 affected packages

texlive-bin

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
texlive-bin	—	—	—	—	—

CVE-2008-2950

Low priority

Some fixes available 2 of 13

The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document.

11 affected packages

gpdf, ipe, kdegraphics, koffice, libextractor...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
gpdf	—	—	—	—	—
ipe	—	—	—	—	—
kdegraphics	—	—	—	—	—
koffice	—	—	—	—	—
libextractor	—	—	—	—	—
pdfkit.framework	—	—	—	—	—
pdftohtml	—	—	—	—	—
poppler	—	—	—	—	—
tetex-bin	—	—	—	—	—
texlive-bin	—	—	—	—	—
xpdf	—	—	—	—	—

CVE-2008-1693

Medium priority

Some fixes available 10 of 26

The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote...

11 affected packages

gpdf, ipe, kdegraphics, koffice, libextractor...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
gpdf	—	—	—	—	—
ipe	—	—	—	—	—
kdegraphics	—	—	—	—	—
koffice	—	—	—	—	—
libextractor	—	—	—	—	—
pdfkit.framework	—	—	—	—	—
pdftohtml	—	—	—	—	—
poppler	—	—	—	—	—
tetex-bin	—	—	—	—	—
texlive-bin	—	—	—	—	—
xpdf	—	—	—	—	—

CVE-2007-5937

Medium priority

Some fixes available 4 of 6

Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file.

2 affected packages

tetex-bin, texlive-bin

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tetex-bin	—	—	—	—	—
texlive-bin	—	—	—	—	—

CVE-2007-5936

Low priority

Some fixes available 4 of 6

dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.

2 affected packages

tetex-bin, texlive-bin

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tetex-bin	—	—	—	—	—
texlive-bin	—	—	—	—	—

Export to JSON

Results by page: