Filtered by vendor Freedesktop Subscriptions
Total 135 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2010-5110 1 Freedesktop 1 Poppler 2024-11-21 N/A
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.
CVE-2010-4654 2 Debian, Freedesktop 2 Debian Linux, Poppler 2024-11-21 7.8 High
poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.
CVE-2010-4653 2 Debian, Freedesktop 2 Debian Linux, Poppler 2024-11-21 6.5 Medium
An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.
CVE-2010-3702 9 Apple, Canonical, Debian and 6 more 12 Cups, Ubuntu Linux, Debian Linux and 9 more 2024-11-21 N/A
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
CVE-2010-1172 2 Freedesktop, Redhat 2 Dbus-glib, Enterprise Linux 2024-11-21 N/A
DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services.
CVE-2010-1149 1 Freedesktop 1 Udisks 2024-11-21 N/A
probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a certain file under /dev/.udev/db/.
CVE-2010-0750 1 Freedesktop 1 Policykit 2024-11-21 N/A
pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument.
CVE-2009-1189 2 Freedesktop, Redhat 2 Dbus, Enterprise Linux 2024-11-21 N/A
The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.
CVE-2009-0068 2 Freedesktop, Mozilla 2 Xdg-utils, Firefox 2024-11-21 N/A
Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file.
CVE-2008-4984 1 Freedesktop 1 Scratchbox2 2024-11-21 N/A
scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/dpkg.#####.tmp, (b) /tmp/missing_deps.#####, and (c) /tmp/sb2-pkg-chk.$tstamp.##### temporary files, related to the (1) dpkg-checkbuilddeps and (2) sb2-check-pkg-mappings scripts.
CVE-2008-4311 1 Freedesktop 1 Dbus 2024-11-21 N/A
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.
CVE-2008-3834 2 Freedesktop, Redhat 4 Dbus, Dbus1.0, Dbus1.1.0 and 1 more 2024-11-21 N/A
The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.
CVE-2008-1658 1 Freedesktop 1 Policykit 2024-11-21 N/A
Format string vulnerability in the grant helper (polkit-grant-helper.c) in PolicyKit 0.7 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password.
CVE-2008-0595 4 Fedoraproject, Freedesktop, Mandrakesoft and 1 more 4 Fedora, Dbus, Mandrake Linux and 1 more 2024-11-21 N/A
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
CVE-2007-3387 7 Apple, Canonical, Debian and 4 more 7 Cups, Ubuntu Linux, Debian Linux and 4 more 2024-11-21 N/A
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.