Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
freedesktop vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2018-16646
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.
Freedesktop Poppler 0.68.0
Debian Debian Linux 8.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 18.04
1 Github repository
356
VMScore
CVE-2018-14036
Directory Traversal with ../ sequences occurs in AccountsService prior to 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.
Freedesktop Accountsservice
383
VMScore
CVE-2017-18267
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler up to and including 0.64.0 allows remote malicious users to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
Freedesktop Poppler
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Redhat Ansible Tower 3.3
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Desktop 7.0
Debian Debian Linux 8.0
605
VMScore
CVE-2017-18266
The open_envvar function in xdg-open in xdg-utils prior to 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote malicious users to conduct argument-injection attacks via a crafted URL, as demonstrated...
Freedesktop Xdg-utils
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 18.04
605
VMScore
CVE-2017-1000456
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
Freedesktop Poppler 0.60.1
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
605
VMScore
CVE-2017-15565
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.
Freedesktop Poppler 0.59.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
445
VMScore
CVE-2017-14975
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an malicious user to launch a denial of service attack.
Freedesktop Poppler 0.59.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
445
VMScore
CVE-2017-14976
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an malicious user to launch a denial of service attack.
Freedesktop Poppler 0.59.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Debian Debian Linux 8.0
446
VMScore
CVE-2017-14977
The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an malicious user to launch a denial of service attack.
Freedesktop Poppler 0.59.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
2 Github repositories
383
VMScore
CVE-2017-14926
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.
Freedesktop Poppler 0.59.0
Debian Debian Linux 9.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-3611
CVE-2024-4947
CVE-2024-32988
CVE-2020-35165
local file inclusion
CVE-2024-4980
bypass
malicious code
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »