Search CVE reports
21 – 30 of 45 results
CVE-2009-0147
Medium prioritySome fixes available 21 of 58
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to...
14 affected packages
cups, cupsys, evince, gpdf, ipe...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| cups | — | — | — | — | Not affected |
| cupsys | — | — | — | — | Not in release |
| evince | — | — | — | — | Not affected |
| gpdf | — | — | — | — | Not in release |
| ipe | — | — | — | — | Not affected |
| kdegraphics | — | — | — | — | Not in release |
| koffice | — | — | — | — | Not in release |
| libextractor | — | — | — | — | Not affected |
| pdfkit.framework | — | — | — | — | Not in release |
| pdftohtml | — | — | — | — | Not in release |
| poppler | — | — | — | — | Fixed |
| tetex-bin | — | — | — | — | Not in release |
| texlive-bin | — | — | — | — | Not affected |
| xpdf | — | — | — | — | Not affected |
CVE-2009-0146
Medium prioritySome fixes available 21 of 51
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to...
14 affected packages
cups, cupsys, evince, gpdf, ipe...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| cups | — | — | — | — | Not affected |
| cupsys | — | — | — | — | Not in release |
| evince | — | — | — | — | Not affected |
| gpdf | — | — | — | — | Not in release |
| ipe | — | — | — | — | Not affected |
| kdegraphics | — | — | — | — | Not in release |
| koffice | — | — | — | — | Not in release |
| libextractor | — | — | — | — | Not affected |
| pdfkit.framework | — | — | — | — | Not in release |
| pdftohtml | — | — | — | — | Not in release |
| poppler | — | — | — | — | Fixed |
| tetex-bin | — | — | — | — | Not in release |
| texlive-bin | — | — | — | — | Not affected |
| xpdf | — | — | — | — | Not affected |
CVE-2008-2950
Low prioritySome fixes available 2 of 13
The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document.
11 affected packages
gpdf, ipe, kdegraphics, koffice, libextractor...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gpdf | — | — | — | — | — |
| ipe | — | — | — | — | — |
| kdegraphics | — | — | — | — | — |
| koffice | — | — | — | — | — |
| libextractor | — | — | — | — | — |
| pdfkit.framework | — | — | — | — | — |
| pdftohtml | — | — | — | — | — |
| poppler | — | — | — | — | — |
| tetex-bin | — | — | — | — | — |
| texlive-bin | — | — | — | — | — |
| xpdf | — | — | — | — | — |
CVE-2008-1693
Medium prioritySome fixes available 10 of 26
The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote...
11 affected packages
gpdf, ipe, kdegraphics, koffice, libextractor...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gpdf | — | — | — | — | — |
| ipe | — | — | — | — | — |
| kdegraphics | — | — | — | — | — |
| koffice | — | — | — | — | — |
| libextractor | — | — | — | — | — |
| pdfkit.framework | — | — | — | — | — |
| pdftohtml | — | — | — | — | — |
| poppler | — | — | — | — | — |
| tetex-bin | — | — | — | — | — |
| texlive-bin | — | — | — | — | — |
| xpdf | — | — | — | — | — |
CVE-2007-5937
Medium prioritySome fixes available 4 of 6
Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file.
2 affected packages
tetex-bin, texlive-bin
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tetex-bin | — | — | — | — | — |
| texlive-bin | — | — | — | — | — |
CVE-2007-5936
Low prioritySome fixes available 4 of 6
dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.
2 affected packages
tetex-bin, texlive-bin
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tetex-bin | — | — | — | — | — |
| texlive-bin | — | — | — | — | — |
CVE-2007-5935
Medium prioritySome fixes available 4 of 6
Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag.
2 affected packages
tetex-bin, texlive-bin
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tetex-bin | — | — | — | — | — |
| texlive-bin | — | — | — | — | — |
CVE-2007-5393
Medium prioritySome fixes available 25 of 36
Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
13 affected packages
cups, cupsys, gpdf, ipe, kdegraphics...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| cups | — | — | — | — | — |
| cupsys | — | — | — | — | — |
| gpdf | — | — | — | — | — |
| ipe | — | — | — | — | — |
| kdegraphics | — | — | — | — | — |
| koffice | — | — | — | — | — |
| libextractor | — | — | — | — | — |
| pdfkit.framework | — | — | — | — | — |
| pdftohtml | — | — | — | — | — |
| poppler | — | — | — | — | — |
| tetex-bin | — | — | — | — | — |
| texlive-bin | — | — | — | — | — |
| xpdf | — | — | — | — | — |
CVE-2007-5392
Medium prioritySome fixes available 25 of 36
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
13 affected packages
cups, cupsys, gpdf, ipe, kdegraphics...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| cups | — | — | — | — | — |
| cupsys | — | — | — | — | — |
| gpdf | — | — | — | — | — |
| ipe | — | — | — | — | — |
| kdegraphics | — | — | — | — | — |
| koffice | — | — | — | — | — |
| libextractor | — | — | — | — | — |
| pdfkit.framework | — | — | — | — | — |
| pdftohtml | — | — | — | — | — |
| poppler | — | — | — | — | — |
| tetex-bin | — | — | — | — | — |
| texlive-bin | — | — | — | — | — |
| xpdf | — | — | — | — | — |
CVE-2007-4352
Medium prioritySome fixes available 25 of 36
Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and...
13 affected packages
cups, cupsys, gpdf, ipe, kdegraphics...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| cups | — | — | — | — | — |
| cupsys | — | — | — | — | — |
| gpdf | — | — | — | — | — |
| ipe | — | — | — | — | — |
| kdegraphics | — | — | — | — | — |
| koffice | — | — | — | — | — |
| libextractor | — | — | — | — | — |
| pdfkit.framework | — | — | — | — | — |
| pdftohtml | — | — | — | — | — |
| poppler | — | — | — | — | — |
| tetex-bin | — | — | — | — | — |
| texlive-bin | — | — | — | — | — |
| xpdf | — | — | — | — | — |