Search CVE reports
21 – 30 of 49 results
CVE-2009-0800
Medium prioritySome fixes available 35 of 78
Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
14 affected packages
cups, cupsys, evince, gpdf, ipe...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | Not affected | Not affected | Not affected | Not affected |
cupsys | — | Not in release | Not in release | Not in release | Not in release |
evince | — | Not affected | Not affected | Not affected | Not affected |
gpdf | — | Not in release | Not in release | Not in release | Not in release |
ipe | — | Not affected | Not affected | Not affected | Not affected |
kdegraphics | — | Not in release | Not in release | Not in release | Not in release |
koffice | — | Not in release | Not in release | Not in release | Not in release |
libextractor | — | Not affected | Not affected | Not affected | Not affected |
pdfkit.framework | — | Not in release | Not in release | Not in release | Not in release |
pdftohtml | — | Not in release | Not in release | Not in release | Not in release |
poppler | — | Fixed | Fixed | Fixed | Fixed |
tetex-bin | — | Not in release | Not in release | Not in release | Not in release |
texlive-bin | — | Not affected | Not affected | Not affected | Not affected |
xpdf | — | Not affected | Not in release | Not affected | Not affected |
CVE-2009-0799
Medium prioritySome fixes available 35 of 78
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.
14 affected packages
cups, cupsys, evince, gpdf, ipe...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | Not affected | Not affected | Not affected | Not affected |
cupsys | — | Not in release | Not in release | Not in release | Not in release |
evince | — | Not affected | Not affected | Not affected | Not affected |
gpdf | — | Not in release | Not in release | Not in release | Not in release |
ipe | — | Not affected | Not affected | Not affected | Not affected |
kdegraphics | — | Not in release | Not in release | Not in release | Not in release |
koffice | — | Not in release | Not in release | Not in release | Not in release |
libextractor | — | Not affected | Not affected | Not affected | Not affected |
pdfkit.framework | — | Not in release | Not in release | Not in release | Not in release |
pdftohtml | — | Not in release | Not in release | Not in release | Not in release |
poppler | — | Fixed | Fixed | Fixed | Fixed |
tetex-bin | — | Not in release | Not in release | Not in release | Not in release |
texlive-bin | — | Not affected | Not affected | Not affected | Not affected |
xpdf | — | Not affected | Not in release | Not affected | Not affected |
CVE-2009-0195
Medium prioritySome fixes available 35 of 78
Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.
11 affected packages
gpdf, ipe, kdegraphics, koffice, libextractor...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gpdf | — | Not in release | Not in release | Not in release | Not in release |
ipe | — | Not affected | Not affected | Not affected | Not affected |
kdegraphics | — | Not in release | Not in release | Not in release | Not in release |
koffice | — | Not in release | Not in release | Not in release | Not in release |
libextractor | — | Not affected | Not affected | Not affected | Not affected |
pdfkit.framework | — | Not in release | Not in release | Not in release | Not in release |
pdftohtml | — | Not in release | Not in release | Not in release | Not in release |
poppler | — | Fixed | Fixed | Fixed | Fixed |
tetex-bin | — | Not in release | Not in release | Not in release | Not in release |
texlive-bin | — | Not affected | Not affected | Not affected | Not affected |
xpdf | — | Not affected | Not in release | Not affected | Not affected |
CVE-2009-0166
Medium prioritySome fixes available 35 of 78
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.
14 affected packages
cups, cupsys, evince, gpdf, ipe...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | Not affected | Not affected | Not affected | Not affected |
cupsys | — | Not in release | Not in release | Not in release | Not in release |
evince | — | Not affected | Not affected | Not affected | Not affected |
gpdf | — | Not in release | Not in release | Not in release | Not in release |
ipe | — | Not affected | Not affected | Not affected | Not affected |
kdegraphics | — | Not in release | Not in release | Not in release | Not in release |
koffice | — | Not in release | Not in release | Not in release | Not in release |
libextractor | — | Not affected | Not affected | Not affected | Not affected |
pdfkit.framework | — | Not in release | Not in release | Not in release | Not in release |
pdftohtml | — | Not in release | Not in release | Not in release | Not in release |
poppler | — | Fixed | Fixed | Fixed | Fixed |
tetex-bin | — | Not in release | Not in release | Not in release | Not in release |
texlive-bin | — | Not affected | Not affected | Not affected | Not affected |
xpdf | — | Not affected | Not in release | Not affected | Not affected |
CVE-2009-0165
Low prioritySome fixes available 2 of 37
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."
11 affected packages
gpdf, ipe, kdegraphics, koffice, libextractor...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gpdf | — | Not in release | Not in release | Not in release | Not in release |
ipe | — | Not affected | Not affected | Not affected | Not affected |
kdegraphics | — | Not in release | Not in release | Not in release | Not in release |
koffice | — | Not in release | Not in release | Not in release | Not in release |
libextractor | — | Not affected | Not affected | Not affected | Not affected |
pdfkit.framework | — | Not in release | Not in release | Not in release | Not in release |
pdftohtml | — | Not in release | Not in release | Not in release | Not in release |
poppler | — | Not affected | Not affected | Not affected | Not affected |
tetex-bin | — | Not in release | Not in release | Not in release | Not in release |
texlive-bin | — | Not affected | Not affected | Not affected | Not affected |
xpdf | — | Not affected | Not in release | Not affected | Not affected |
CVE-2009-0147
Medium prioritySome fixes available 21 of 58
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to...
14 affected packages
cups, cupsys, evince, gpdf, ipe...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | Not affected |
cupsys | — | — | — | — | Not in release |
evince | — | — | — | — | Not affected |
gpdf | — | — | — | — | Not in release |
ipe | — | — | — | — | Not affected |
kdegraphics | — | — | — | — | Not in release |
koffice | — | — | — | — | Not in release |
libextractor | — | — | — | — | Not affected |
pdfkit.framework | — | — | — | — | Not in release |
pdftohtml | — | — | — | — | Not in release |
poppler | — | — | — | — | Fixed |
tetex-bin | — | — | — | — | Not in release |
texlive-bin | — | — | — | — | Not affected |
xpdf | — | — | — | — | Not affected |
CVE-2009-0146
Medium prioritySome fixes available 21 of 51
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to...
14 affected packages
cups, cupsys, evince, gpdf, ipe...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | Not affected |
cupsys | — | — | — | — | Not in release |
evince | — | — | — | — | Not affected |
gpdf | — | — | — | — | Not in release |
ipe | — | — | — | — | Not affected |
kdegraphics | — | — | — | — | Not in release |
koffice | — | — | — | — | Not in release |
libextractor | — | — | — | — | Not affected |
pdfkit.framework | — | — | — | — | Not in release |
pdftohtml | — | — | — | — | Not in release |
poppler | — | — | — | — | Fixed |
tetex-bin | — | — | — | — | Not in release |
texlive-bin | — | — | — | — | Not affected |
xpdf | — | — | — | — | Not affected |
CVE-2008-2950
Low prioritySome fixes available 2 of 13
The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document.
11 affected packages
gpdf, ipe, kdegraphics, koffice, libextractor...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gpdf | — | — | — | — | — |
ipe | — | — | — | — | — |
kdegraphics | — | — | — | — | — |
koffice | — | — | — | — | — |
libextractor | — | — | — | — | — |
pdfkit.framework | — | — | — | — | — |
pdftohtml | — | — | — | — | — |
poppler | — | — | — | — | — |
tetex-bin | — | — | — | — | — |
texlive-bin | — | — | — | — | — |
xpdf | — | — | — | — | — |
CVE-2008-1693
Medium prioritySome fixes available 10 of 26
The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote...
11 affected packages
gpdf, ipe, kdegraphics, koffice, libextractor...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gpdf | — | — | — | — | — |
ipe | — | — | — | — | — |
kdegraphics | — | — | — | — | — |
koffice | — | — | — | — | — |
libextractor | — | — | — | — | — |
pdfkit.framework | — | — | — | — | — |
pdftohtml | — | — | — | — | — |
poppler | — | — | — | — | — |
tetex-bin | — | — | — | — | — |
texlive-bin | — | — | — | — | — |
xpdf | — | — | — | — | — |
CVE-2007-5393
Medium prioritySome fixes available 25 of 36
Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
13 affected packages
cups, cupsys, gpdf, ipe, kdegraphics...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | — |
cupsys | — | — | — | — | — |
gpdf | — | — | — | — | — |
ipe | — | — | — | — | — |
kdegraphics | — | — | — | — | — |
koffice | — | — | — | — | — |
libextractor | — | — | — | — | — |
pdfkit.framework | — | — | — | — | — |
pdftohtml | — | — | — | — | — |
poppler | — | — | — | — | — |
tetex-bin | — | — | — | — | — |
texlive-bin | — | — | — | — | — |
xpdf | — | — | — | — | — |