Search CVE reports

91 – 100 of 142 results

Detailed view

Sort by:

CVE-2009-1179

Medium priority

Some fixes available 35 of 78

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.

14 affected packages

evince, cups, cupsys, gpdf, libextractor...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
evince	—	Not affected	Not affected	Not affected
cups	—	Not affected	Not affected	Not affected
cupsys	—	Not in release	Not in release	Not in release
gpdf	—	Not in release	Not in release	Not in release
libextractor	—	Not affected	Not affected	Not affected
ipe	—	Not affected	Not affected	Not affected
kdegraphics	—	Not in release	Not in release	Not in release
koffice	—	Not in release	Not in release	Not in release
pdfkit.framework	—	Not in release	Not in release	Not in release
pdftohtml	—	Not in release	Not in release	Not in release
tetex-bin	—	Not in release	Not in release	Not in release
poppler	—	Fixed	Fixed	Fixed
texlive-bin	—	Not affected	Not affected	Not affected
xpdf	—	Not affected	Not in release	Not affected

CVE-2009-0800

Medium priority

Some fixes available 35 of 78

Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

14 affected packages

cups, evince, gpdf, kdegraphics, koffice...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
cups	—	Not affected	Not affected	Not affected
evince	—	Not affected	Not affected	Not affected
gpdf	—	Not in release	Not in release	Not in release
kdegraphics	—	Not in release	Not in release	Not in release
koffice	—	Not in release	Not in release	Not in release
pdftohtml	—	Not in release	Not in release	Not in release
poppler	—	Fixed	Fixed	Fixed
tetex-bin	—	Not in release	Not in release	Not in release
texlive-bin	—	Not affected	Not affected	Not affected
xpdf	—	Not affected	Not in release	Not affected
ipe	—	Not affected	Not affected	Not affected
libextractor	—	Not affected	Not affected	Not affected
cupsys	—	Not in release	Not in release	Not in release
pdfkit.framework	—	Not in release	Not in release	Not in release

CVE-2009-0799

Medium priority

Some fixes available 35 of 78

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.

14 affected packages

xpdf, cups, cupsys, evince, gpdf...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
xpdf	—	Not affected	Not in release	Not affected
cups	—	Not affected	Not affected	Not affected
cupsys	—	Not in release	Not in release	Not in release
evince	—	Not affected	Not affected	Not affected
gpdf	—	Not in release	Not in release	Not in release
ipe	—	Not affected	Not affected	Not affected
kdegraphics	—	Not in release	Not in release	Not in release
koffice	—	Not in release	Not in release	Not in release
pdfkit.framework	—	Not in release	Not in release	Not in release
pdftohtml	—	Not in release	Not in release	Not in release
poppler	—	Fixed	Fixed	Fixed
tetex-bin	—	Not in release	Not in release	Not in release
texlive-bin	—	Not affected	Not affected	Not affected
libextractor	—	Not affected	Not affected	Not affected

CVE-2009-0166

Medium priority

Some fixes available 35 of 78

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.

14 affected packages

kdegraphics, gpdf, cupsys, cups, evince...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
kdegraphics	—	Not in release	Not in release	Not in release
gpdf	—	Not in release	Not in release	Not in release
cupsys	—	Not in release	Not in release	Not in release
cups	—	Not affected	Not affected	Not affected
evince	—	Not affected	Not affected	Not affected
ipe	—	Not affected	Not affected	Not affected
koffice	—	Not in release	Not in release	Not in release
libextractor	—	Not affected	Not affected	Not affected
pdfkit.framework	—	Not in release	Not in release	Not in release
pdftohtml	—	Not in release	Not in release	Not in release
poppler	—	Fixed	Fixed	Fixed
tetex-bin	—	Not in release	Not in release	Not in release
texlive-bin	—	Not affected	Not affected	Not affected
xpdf	—	Not affected	Not in release	Not affected

CVE-2009-0147

Medium priority

Some fixes available 21 of 58

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to...

14 affected packages

gpdf, cups, cupsys, evince, ipe...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gpdf	—	—	—	—
cups	—	—	—	—
cupsys	—	—	—	—
evince	—	—	—	—
ipe	—	—	—	—
kdegraphics	—	—	—	—
koffice	—	—	—	—
libextractor	—	—	—	—
pdfkit.framework	—	—	—	—
pdftohtml	—	—	—	—
poppler	—	—	—	—
tetex-bin	—	—	—	—
texlive-bin	—	—	—	—
xpdf	—	—	—	—

CVE-2009-0146

Medium priority

Some fixes available 21 of 51

Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to...

14 affected packages

gpdf, cups, evince, poppler, texlive-bin...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gpdf	—	—	—	—
cups	—	—	—	—
evince	—	—	—	—
poppler	—	—	—	—
texlive-bin	—	—	—	—
xpdf	—	—	—	—
cupsys	—	—	—	—
ipe	—	—	—	—
kdegraphics	—	—	—	—
koffice	—	—	—	—
libextractor	—	—	—	—
pdfkit.framework	—	—	—	—
pdftohtml	—	—	—	—
tetex-bin	—	—	—	—

CVE-2009-0032

Medium priority

Not affected

CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.

2 affected packages

cups, cupsys

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
cups	—	—	—	—
cupsys	—	—	—	—

CVE-2008-5377

Low priority

Fixed

pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.

2 affected packages

cups, cupsys

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
cups	—	—	—	—
cupsys	—	—	—	—

CVE-2008-5286

Medium priority

Fixed

Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.

2 affected packages

cups, cupsys

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
cups	—	—	—	—
cupsys	—	—	—	—

CVE-2008-5184

Low priority

Fixed

The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the...

2 affected packages

cups, cupsys

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
cups	—	—	—	—
cupsys	—	—	—	—

Export to JSON

Results by page: