rpm package
opensuse/poppler&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/poppler&distro=openSUSE%20Tumbleweed
Vulnerabilities (34)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2009-1187 | — | < 0.49.0-1.1 | 0.49.0-1.1 | Apr 23, 2009 | Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc). | ||
| CVE-2009-1183 | — | < 0.49.0-1.1 | 0.49.0-1.1 | Apr 23, 2009 | The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. | ||
| CVE-2009-1182 | — | < 0.49.0-1.1 | 0.49.0-1.1 | Apr 23, 2009 | Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. | ||
| CVE-2009-1181 | — | < 0.49.0-1.1 | 0.49.0-1.1 | Apr 23, 2009 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. | ||
| CVE-2009-1180 | — | < 0.49.0-1.1 | 0.49.0-1.1 | Apr 23, 2009 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. | ||
| CVE-2009-1179 | — | < 0.49.0-1.1 | 0.49.0-1.1 | Apr 23, 2009 | Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file. | ||
| CVE-2009-0800 | — | < 0.49.0-1.1 | 0.49.0-1.1 | Apr 23, 2009 | Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. | ||
| CVE-2009-0799 | — | < 0.49.0-1.1 | 0.49.0-1.1 | Apr 23, 2009 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. | ||
| CVE-2008-2950 | — | < 21.08.0-1.3 | 21.08.0-1.3 | Jul 7, 2008 | The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document. | ||
| CVE-2007-5393 | — | < 21.08.0-1.3 | 21.08.0-1.3 | Nov 8, 2007 | Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter. | ||
| CVE-2007-5392 | — | < 21.08.0-1.3 | 21.08.0-1.3 | Nov 8, 2007 | Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow. | ||
| CVE-2007-4352 | — | < 21.08.0-1.3 | 21.08.0-1.3 | Nov 8, 2007 | Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file. | ||
| CVE-2007-0104 | — | < 21.08.0-1.3 | 21.08.0-1.3 | Jan 9, 2007 | The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution | ||
| CVE-2006-0301 | — | < 21.08.0-1.3 | 21.08.0-1.3 | Jan 30, 2006 | Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce ce |
- CVE-2009-1187Apr 23, 2009affected < 0.49.0-1.1fixed 0.49.0-1.1
Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc).
- CVE-2009-1183Apr 23, 2009affected < 0.49.0-1.1fixed 0.49.0-1.1
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.
- CVE-2009-1182Apr 23, 2009affected < 0.49.0-1.1fixed 0.49.0-1.1
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
- CVE-2009-1181Apr 23, 2009affected < 0.49.0-1.1fixed 0.49.0-1.1
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.
- CVE-2009-1180Apr 23, 2009affected < 0.49.0-1.1fixed 0.49.0-1.1
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.
- CVE-2009-1179Apr 23, 2009affected < 0.49.0-1.1fixed 0.49.0-1.1
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.
- CVE-2009-0800Apr 23, 2009affected < 0.49.0-1.1fixed 0.49.0-1.1
Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
- CVE-2009-0799Apr 23, 2009affected < 0.49.0-1.1fixed 0.49.0-1.1
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.
- CVE-2008-2950Jul 7, 2008affected < 21.08.0-1.3fixed 21.08.0-1.3
The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document.
- CVE-2007-5393Nov 8, 2007affected < 21.08.0-1.3fixed 21.08.0-1.3
Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
- CVE-2007-5392Nov 8, 2007affected < 21.08.0-1.3fixed 21.08.0-1.3
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
- CVE-2007-4352Nov 8, 2007affected < 21.08.0-1.3fixed 21.08.0-1.3
Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.
- CVE-2007-0104Jan 9, 2007affected < 21.08.0-1.3fixed 21.08.0-1.3
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution
- CVE-2006-0301Jan 30, 2006affected < 21.08.0-1.3fixed 21.08.0-1.3
Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce ce
Page 2 of 2