VYPR

rpm package

suse/poppler-qt&distro=SUSE Linux Enterprise Server 12 SP5

pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Vulnerabilities (41)

  • CVE-2024-47850HigOct 4, 2024
    affected < 0.43.0-16.49.1fixed 0.43.0-16.49.1

    CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be use

  • CVE-2024-47176Sep 26, 2024
    affected < 0.43.0-16.49.1fixed 0.43.0-16.49.1

    CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any

  • CVE-2024-4141Apr 24, 2024
    affected < 0.43.0-16.46.1fixed 0.43.0-16.46.1

    Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers.

  • CVE-2022-48545Aug 22, 2023
    affected < 0.43.0-16.40.1fixed 0.43.0-16.40.1

    An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.

  • CVE-2022-38349Aug 22, 2023
    affected < 0.43.0-16.35.2fixed 0.43.0-16.35.2

    An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.

  • CVE-2022-37052Aug 22, 2023
    affected < 0.43.0-16.40.1fixed 0.43.0-16.40.1

    A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.

  • CVE-2022-37051Aug 22, 2023
    affected < 0.43.0-16.35.2fixed 0.43.0-16.35.2

    An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.

  • CVE-2022-37050Aug 22, 2023
    affected < 0.43.0-16.35.2fixed 0.43.0-16.35.2

    In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incom

  • CVE-2020-23804Aug 22, 2023
    affected < 0.43.0-16.35.2fixed 0.43.0-16.35.2

    Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.

  • CVE-2020-36024Aug 11, 2023
    affected < 0.43.0-16.35.2fixed 0.43.0-16.35.2

    An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.

  • CVE-2020-36023Aug 11, 2023
    affected < 0.43.0-16.40.1fixed 0.43.0-16.40.1

    An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function.

  • CVE-2022-38784Aug 30, 2022
    affected < 0.43.0-16.22.1fixed 0.43.0-16.22.1

    Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vu

  • CVE-2022-27337May 5, 2022
    affected < 0.43.0-16.25.1fixed 0.43.0-16.25.1

    A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

  • CVE-2020-27778Dec 3, 2020
    affected < 0.43.0-16.19.3fixed 0.43.0-16.19.3

    A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.

  • CVE-2019-16115Sep 8, 2019
    affected < 0.43.0-16.28.1fixed 0.43.0-16.28.1

    In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted P

  • CVE-2018-21009Sep 5, 2019
    affected < 0.43.0-16.25.1fixed 0.43.0-16.25.1

    Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.

  • CVE-2019-14494Aug 1, 2019
    affected < 0.43.0-16.19.3fixed 0.43.0-16.19.3

    An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.

  • CVE-2019-14292Jul 27, 2019
    affected < 0.43.0-16.40.1fixed 0.43.0-16.40.1

    An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1.

  • CVE-2019-9959Jul 22, 2019
    affected < 0.43.0-16.19.3fixed 0.43.0-16.19.3

    The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftoc

  • CVE-2019-13287Jul 4, 2019
    affected < 0.43.0-16.40.1fixed 0.43.0-16.40.1

    In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Di

Page 1 of 3