Search CVE reports
71 – 80 of 109 results
Some fixes available 1 of 4
GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file,...
1 affected package
libextractor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libextractor | Not affected | Not affected | Not affected | Not affected |
Some fixes available 1 of 4
In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.
1 affected package
libextractor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libextractor | Not affected | Not affected | Not affected | Not affected |
Some fixes available 1 of 4
In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size.
1 affected package
libextractor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libextractor | Not affected | Not affected | Not affected | Not affected |
Some fixes available 1 of 4
In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup.
1 affected package
libextractor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libextractor | Not affected | Not affected | Not affected | Not affected |
Some fixes available 1 of 4
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c.
1 affected package
libextractor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libextractor | Not affected | Not affected | Not affected | Not affected |
Some fixes available 1 of 4
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.
1 affected package
libextractor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libextractor | Not affected | Not affected | Not affected | Not affected |
Some fixes available 1 of 4
In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate.
1 affected package
libextractor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libextractor | Not affected | Not affected | Not affected | Not affected |
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
4 affected packages
ipe, libextractor, poppler, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ipe | — | — | — | — |
| libextractor | — | — | — | — |
| poppler | — | — | — | — |
| xpdf | — | — | — | — |
Some fixes available 9 of 77
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to...
11 affected packages
gpdf, ipe, koffice, poppler, kdegraphics...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gpdf | Not in release | Not in release | Not in release | Not in release |
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| koffice | Not in release | Not in release | Not in release | Not in release |
| poppler | Not affected | Not affected | Not affected | Not affected |
| kdegraphics | Not in release | Not in release | Not in release | Not in release |
| libextractor | Not affected | Not affected | Not affected | Not affected |
| pdfkit.framework | Not in release | Not in release | Not in release | Not in release |
| pdftohtml | Not in release | Not in release | Not in release | Not in release |
| tetex-bin | Not in release | Not in release | Not in release | Not in release |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| xpdf | Not affected | Not affected | Not in release | Not affected |
Some fixes available 4 of 74
The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a...
11 affected packages
kdegraphics, gpdf, ipe, pdfkit.framework, libextractor...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kdegraphics | Not in release | Not in release | Not in release | Not in release |
| gpdf | Not in release | Not in release | Not in release | Not in release |
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pdfkit.framework | Not in release | Not in release | Not in release | Not in release |
| libextractor | Not affected | Not affected | Not affected | Not affected |
| koffice | Not in release | Not in release | Not in release | Not in release |
| pdftohtml | Not in release | Not in release | Not in release | Not in release |
| poppler | Not affected | Not affected | Not affected | Not affected |
| tetex-bin | Not in release | Not in release | Not in release | Not in release |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| xpdf | Not affected | Not affected | Not in release | Not affected |