| 0 |
|
| 1 |
| url |
VCID-4hjh-cqg4-wqdk |
| vulnerability_id |
VCID-4hjh-cqg4-wqdk |
| summary |
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-18267
|
| risk_score |
2.3 |
| exploitability |
0.5 |
| weighted_severity |
4.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4hjh-cqg4-wqdk |
|
| 2 |
| url |
VCID-7ukn-38hy-dffs |
| vulnerability_id |
VCID-7ukn-38hy-dffs |
| summary |
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-10768
|
| risk_score |
1.5 |
| exploitability |
0.5 |
| weighted_severity |
3.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7ukn-38hy-dffs |
|
| 3 |
| url |
VCID-9b9k-93ve-pbdu |
| vulnerability_id |
VCID-9b9k-93ve-pbdu |
| summary |
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-10767
|
| risk_score |
1.5 |
| exploitability |
0.5 |
| weighted_severity |
3.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9b9k-93ve-pbdu |
|
| 4 |
| url |
VCID-bspu-grjr-f7h4 |
| vulnerability_id |
VCID-bspu-grjr-f7h4 |
| summary |
An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-2862
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bspu-grjr-f7h4 |
|
| 5 |
| url |
VCID-erk4-udeu-r3eq |
| vulnerability_id |
VCID-erk4-udeu-r3eq |
| summary |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-4121
|
| risk_score |
9.0 |
| exploitability |
2.0 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-erk4-udeu-r3eq |
|
| 6 |
| url |
VCID-fmqa-fers-5ydf |
| vulnerability_id |
VCID-fmqa-fers-5ydf |
| summary |
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-13988
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fmqa-fers-5ydf |
|
| 7 |
| url |
VCID-h8nb-gtwb-3yhk |
| vulnerability_id |
VCID-h8nb-gtwb-3yhk |
| summary |
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-11712
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h8nb-gtwb-3yhk |
|
| 8 |
|
| 9 |
| url |
VCID-p55u-zx5u-7kax |
| vulnerability_id |
VCID-p55u-zx5u-7kax |
| summary |
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-4200
|
| risk_score |
9.0 |
| exploitability |
2.0 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p55u-zx5u-7kax |
|
| 10 |
|
| 11 |
| url |
VCID-qb6u-ddgw-zyhf |
| vulnerability_id |
VCID-qb6u-ddgw-zyhf |
| summary |
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-11713
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qb6u-ddgw-zyhf |
|
| 12 |
|
| 13 |
| url |
VCID-yzd8-pjer-mkgf |
| vulnerability_id |
VCID-yzd8-pjer-mkgf |
| summary |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-4204
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yzd8-pjer-mkgf |
|
| 14 |
|