Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

41 – 50 of 197 results


CVE-2019-9959

Low priority

Some fixes available 2 of 15

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size...

2 affected packages

emscripten, poppler

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emscripten Ignored Ignored Not in release Ignored Ignored
poppler Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2019-13291

Medium priority
Ignored

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an...

4 affected packages

ipe, libextractor, poppler, xpdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ipe Not affected Not affected Not affected Not affected
libextractor Not affected Not affected Not affected Not affected
poppler Not affected Not affected Not affected Not affected
xpdf Not affected Not in release Not affected Not affected
Show less packages

CVE-2019-13289

Medium priority
Ignored

In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool.

4 affected packages

ipe, libextractor, poppler, xpdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ipe Not affected Not affected Not affected Not affected
libextractor Not affected Not affected Not affected Not affected
poppler Not affected Not affected Not affected Not affected
xpdf Not affected Not in release Not affected Not affected
Show less packages

CVE-2019-13288

Medium priority
Ignored

In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.

4 affected packages

ipe, libextractor, poppler, xpdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ipe Not affected Not affected Not affected Not affected
libextractor Not affected Not affected Not affected Not affected
poppler Not affected Not affected Not affected Not affected
xpdf Not affected Not in release Not affected Not affected
Show less packages

CVE-2019-13287

Medium priority
Ignored

In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool....

4 affected packages

ipe, libextractor, poppler, xpdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ipe Not affected Not affected Not affected Not affected
libextractor Not affected Not affected Not affected Not affected
poppler Not affected Not affected Not affected Not affected
xpdf Not affected Not in release Not affected Not affected
Show less packages

CVE-2019-13286

Medium priority
Ignored

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might...

4 affected packages

ipe, libextractor, poppler, xpdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ipe Not affected Not affected Not affected Not affected
libextractor Not affected Not affected Not affected Not affected
poppler Not affected Not affected Not affected Not affected
xpdf Not affected Not in release Not affected Not affected
Show less packages

CVE-2019-13283

Low priority

Some fixes available 1 of 8

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for...

4 affected packages

ipe, libextractor, poppler, xpdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ipe Not affected Not affected Not affected Not affected
libextractor Not affected Not affected Not affected Not affected
poppler Not affected Not affected Not affected Fixed
xpdf Not affected Not in release Not affected Not affected
Show less packages

CVE-2019-13282

Medium priority
Ignored

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the...

4 affected packages

ipe, libextractor, poppler, xpdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ipe Not affected Not affected Not affected Not affected
libextractor Not affected Not affected Not affected Not affected
poppler Not affected Not affected Not affected Not affected
xpdf Not affected Not in release Not affected Not affected
Show less packages

CVE-2019-13281

Medium priority
Ignored

In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool....

4 affected packages

ipe, libextractor, poppler, xpdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ipe Not affected Not affected Not affected Not affected
libextractor Not affected Not affected Not affected Not affected
poppler Not affected Not affected Not affected Not affected
xpdf Not affected Not in release Not affected Not affected
Show less packages

CVE-2019-12958

Medium priority

Some fixes available 12 of 19

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one...

4 affected packages

ipe, libextractor, poppler, xpdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ipe Not affected Not affected Not affected Not affected
libextractor Not affected Not affected Not affected Not affected
poppler Fixed Fixed Fixed Fixed
xpdf Not affected Not in release Not affected Not affected
Show less packages