Filtered by vendor Freedesktop
Subscriptions
Total
145 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-14517 | 1 Freedesktop | 1 Poppler | 2025-04-20 | N/A |
| In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. | ||||
| CVE-2017-14929 | 1 Freedesktop | 1 Poppler | 2025-04-20 | N/A |
| In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519. | ||||
| CVE-2017-9408 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2025-04-20 | N/A |
| In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file. | ||||
| CVE-2017-2814 | 1 Freedesktop | 1 Poppler | 2025-04-20 | N/A |
| An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability. | ||||
| CVE-2017-2818 | 1 Freedesktop | 1 Poppler | 2025-04-20 | N/A |
| An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability. | ||||
| CVE-2017-7515 | 1 Freedesktop | 1 Poppler | 2025-04-20 | N/A |
| poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. | ||||
| CVE-2017-7511 | 1 Freedesktop | 1 Poppler | 2025-04-20 | N/A |
| poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents. | ||||
| CVE-2017-14926 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2025-04-20 | 5.5 Medium |
| In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document. | ||||
| CVE-2017-14975 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2025-04-20 | N/A |
| The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack. | ||||
| CVE-2017-14617 | 1 Freedesktop | 1 Poppler | 2025-04-20 | N/A |
| In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files. | ||||
| CVE-2017-9776 | 3 Debian, Freedesktop, Redhat | 9 Debian Linux, Poppler, Enterprise Linux and 6 more | 2025-04-20 | N/A |
| Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. | ||||
| CVE-2017-14518 | 1 Freedesktop | 1 Poppler | 2025-04-20 | N/A |
| In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document. | ||||
| CVE-2014-7824 | 4 Canonical, Debian, Freedesktop and 1 more | 4 Ubuntu Linux, Debian Linux, Dbus and 1 more | 2025-04-12 | N/A |
| D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1. | ||||
| CVE-2010-5110 | 1 Freedesktop | 1 Poppler | 2025-04-12 | N/A |
| DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file. | ||||
| CVE-2015-0245 | 2 Freedesktop, Opensuse | 2 Dbus, Opensuse | 2025-04-12 | N/A |
| D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds. | ||||
| CVE-2014-3635 | 3 D-bus Project, Freedesktop, Opensuse | 3 D-bus, Dbus, Opensuse | 2025-04-12 | N/A |
| Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure. | ||||
| CVE-2014-3639 | 3 D-bus Project, Freedesktop, Opensuse | 3 D-bus, Dbus, Opensuse | 2025-04-12 | N/A |
| The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections. | ||||
| CVE-2014-3533 | 4 Debian, Freedesktop, Mageia Project and 1 more | 4 Debian Linux, Dbus, Mageia and 1 more | 2025-04-12 | N/A |
| dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor. | ||||
| CVE-2014-3638 | 3 D-bus Project, Freedesktop, Opensuse | 3 D-bus, Dbus, Opensuse | 2025-04-12 | N/A |
| The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls. | ||||
| CVE-2014-3532 | 6 Debian, Freedesktop, Linux and 3 more | 6 Debian Linux, Dbus, Linux Kernel and 3 more | 2025-04-12 | N/A |
| dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded. | ||||