ALT-PU-2022-5901-1
Closed vulnerabilities
BDU:2021-05087
Уязвимость операционных систем iPadOS, watchOS, iOS, Mac OS, вызванная целочисленным переполнением, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2021-27548
There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.
Modified: 2025-02-28
CVE-2021-30860
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- 20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8
- 20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8
- 20210917 APPLE-SA-2021-09-13-2 watchOS 7.6.2
- 20210917 APPLE-SA-2021-09-13-2 watchOS 7.6.2
- 20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6
- 20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6
- 20210917 APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina
- 20210917 APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina
- 20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8
- 20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8
- 20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6
- 20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6
- 20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina
- 20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina
- 20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5
- 20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5
- [oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0
- [oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0
- GLSA-202209-21
- GLSA-202209-21
- https://support.apple.com/en-us/HT212804
- https://support.apple.com/en-us/HT212804
- https://support.apple.com/en-us/HT212805
- https://support.apple.com/en-us/HT212805
- https://support.apple.com/en-us/HT212806
- https://support.apple.com/en-us/HT212806
- https://support.apple.com/en-us/HT212807
- https://support.apple.com/en-us/HT212807
- https://support.apple.com/kb/HT212824
- https://support.apple.com/kb/HT212824
Modified: 2025-03-27
CVE-2021-36493
Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command.
Modified: 2024-11-21
CVE-2022-24106
In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.
Modified: 2024-11-21
CVE-2022-27135
xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary.
- https://forum.xpdfreader.com/viewtopic.php?f=3&t=42232
- https://forum.xpdfreader.com/viewtopic.php?f=3&t=42232
- https://github.com/verf1sh/Poc/blob/master/pic_ppm.png
- https://github.com/verf1sh/Poc/blob/master/pic_ppm.png
- https://github.com/verf1sh/Poc/blob/master/poc_ppm
- https://github.com/verf1sh/Poc/blob/master/poc_ppm
