poppler vulnerabilities and exploits

5
CVSSv2
CVE-2018-16807

In Bro through 2.5.5, there is a memory leak potentially leading to DoS in scripts/base/protocols/krb/main.bro in the Kerberos protocol parser....

Bro
5
CVSSv2
CVE-2019-12175

In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in the Kerberos (aka KRB) protocol parser leads to DoS because a case-type index is mishandled....

Zeek
NA
CVE-2019-6931

Manul Manul is a coverage-guided parallel fuzzer for open-source and blackbox binaries on Windows, Linux and MacOS (beta) written in pure Python. Quick Start pip3 install psutil git clone github.com/mxmssh/manul cd manul mkdir in mkdir out echo "AAAAAA" >...

5
CVSSv2
CVE-2018-17019

In Bro through 2.5.5, there is a DoS in IRC protocol names command parsing in analyzer/protocol/irc/IRC.cc....

Bro
4.3
CVSSv2
CVE-2019-9959

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by...

FreedesktopPoppler
4.3
CVSSv2
CVE-2019-10023

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case....

4.3
CVSSv2
CVE-2019-10021

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps....

4.3
CVSSv2
CVE-2019-10019

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes....

6.8
CVSSv2
CVE-2017-7773

Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor....

5.8
CVSSv2
CVE-2017-7776

Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph....