Search CVE reports
191 – 196 of 196 results
Some fixes available 4 of 6
dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.
2 affected packages
tetex-bin, texlive-bin
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tetex-bin | — | — | — | — | — |
| texlive-bin | — | — | — | — | — |
Some fixes available 4 of 6
Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag.
2 affected packages
tetex-bin, texlive-bin
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tetex-bin | — | — | — | — | — |
| texlive-bin | — | — | — | — | — |
Some fixes available 25 of 36
Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
13 affected packages
cups, cupsys, gpdf, ipe, kdegraphics...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cups | — | — | — | — | — |
| cupsys | — | — | — | — | — |
| gpdf | — | — | — | — | — |
| ipe | — | — | — | — | — |
| kdegraphics | — | — | — | — | — |
| koffice | — | — | — | — | — |
| libextractor | — | — | — | — | — |
| pdfkit.framework | — | — | — | — | — |
| pdftohtml | — | — | — | — | — |
| poppler | — | — | — | — | — |
| tetex-bin | — | — | — | — | — |
| texlive-bin | — | — | — | — | — |
| xpdf | — | — | — | — | — |
Some fixes available 25 of 36
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
13 affected packages
cups, cupsys, gpdf, ipe, kdegraphics...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cups | — | — | — | — | — |
| cupsys | — | — | — | — | — |
| gpdf | — | — | — | — | — |
| ipe | — | — | — | — | — |
| kdegraphics | — | — | — | — | — |
| koffice | — | — | — | — | — |
| libextractor | — | — | — | — | — |
| pdfkit.framework | — | — | — | — | — |
| pdftohtml | — | — | — | — | — |
| poppler | — | — | — | — | — |
| tetex-bin | — | — | — | — | — |
| texlive-bin | — | — | — | — | — |
| xpdf | — | — | — | — | — |
Some fixes available 25 of 36
Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and...
13 affected packages
gpdf, cups, ipe, cupsys, kdegraphics...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gpdf | — | — | — | — | — |
| cups | — | — | — | — | — |
| ipe | — | — | — | — | — |
| cupsys | — | — | — | — | — |
| kdegraphics | — | — | — | — | — |
| koffice | — | — | — | — | — |
| libextractor | — | — | — | — | — |
| pdfkit.framework | — | — | — | — | — |
| pdftohtml | — | — | — | — | — |
| poppler | — | — | — | — | — |
| tetex-bin | — | — | — | — | — |
| texlive-bin | — | — | — | — | — |
| xpdf | — | — | — | — | — |
Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to...
3 affected packages
t1lib, tetex-bin, texlive-bin
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| t1lib | — | — | — | — | — |
| tetex-bin | — | — | — | — | — |
| texlive-bin | — | — | — | — | — |