Turbolinux: >> Turbolinux Security Vulnerabilities
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
CVSS Score
5.0
EPSS Score
0.072
Published
2005-12-31
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
CVSS Score
10.0
EPSS Score
0.113
Published
2005-12-31
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
CVSS Score
5.0
EPSS Score
0.092
Published
2005-12-31
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.
CVSS Score
7.5
EPSS Score
0.032
Published
2004-09-16
When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.
CVSS Score
2.1
EPSS Score
0.001
Published
2001-03-26
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
CVSS Score
10.0
EPSS Score
0.009
Published
2000-11-14
Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter.
CVSS Score
7.2
EPSS Score
0.003
Published
2000-05-22
Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.
CVSS Score
2.1
EPSS Score
0.0
Published
2000-04-21
The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges.
CVSS Score
7.2
EPSS Score
0.001
Published
2000-03-03
Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.
CVSS Score
7.2
EPSS Score
0.001
Published
2000-02-28
Page 1