Searching pdf software vulnerabilities

Buffer overflow in Adobe Acrobat 4.05, Reader,

overflow | Acrobat | Buffer | Adobe |

Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and Fill In products that handle PDF files allows attackers to execute arbitrary commands via a long /Registry or /Ordering specifier.


The digital signature mechanism for the Adobe A

executable | arbitrary | attackers | certified | signature | mechanism | verifies | plug-in | digital | Acrobat | execute | making | viewer | appear | signed | header | Adobe | which | allow | mode | only | code | PDF | can |

The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe.


gv 3.5.8, and possibly earlier versions, allows


gv 3.5.8, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the filename for (1) a PDF file or (2) a gzip file.


Adobe Acrobat 5 does not properly validate Java

demonstrated | JavaScript | arbitrary | documents | W32Yourde | attackers | Plug-ins | validate | properly | Acrobat | spread | folder | allows | remote | other | Adobe | virus | files | which | write | does | into | PDF | not |

Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus.


Various PDF viewers including (1) Adobe Acrobat

including | viewers | Various | PDF |

Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.


Buffer overflow in the WWWLaunchNetscape functi

WWWLaunchNetscape | function | overflow | Acrobat | Reader | Buffer | Adobe |

Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat Reader (acroread) 5.0.7 and earlier allows remote attackers to execute arbitrary code via a .pdf file with a long mailto link.


Buffer overflow in the mailListIsPdf function i

mailListIsPdf | function | overflow | Acrobat | Reader | Buffer | Adobe |

Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary code via an e-mail message with a crafted PDF attachment.


Adobe Acrobat and Acrobat Reader 6.0 allow remo

attackers | arbitrary | Shockwave | embedded | contains | Acrobat | remote | Reader | Adobe | files | allow | read | file | via | PDF |

Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read arbitrary files via a PDF file that contains an embedded Shockwave (swf) file that references files outside of the temporary directory.


Buffer overflow in the Decrypt::makeFileKey2 fu

overflow | Buffer |

Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.


BibORB 1.3.2, and possibly earlier versions, do

BibORB |

BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files.


Adobe Acrobat Reader 6.0.3 and 7.0.0 allows rem

Acrobat | Reader | Adobe |

Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause a denial of service (application crash) via a PDF file that contains a negative Count value in the root page node.


Stack-based buffer overflow in the UnixAppOpenF

UnixAppOpenFilePerform | Stack-based | function | overflow | Reader | buffer | Adobe |

Stack-based buffer overflow in the UnixAppOpenFilePerform function in Adobe Reader 5.0.9 and 5.0.10 for Unix allows remote attackers to execute arbitrary code via a PDF document with a long /Filespec tag.


The control for Adobe Reader 5.0.9 and 5.0.10 o

control | Reader | Adobe |

The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, HP-UX, and AIX creates temporary files with the permissions as specified in a user's umask, which could allow local users to read PDF documents of that user if the umask allows it.


xpdf and kpdf do not properly validate the "loc

properly | validate | service | denial | allows | "loca" | users | cause | local | which | table | files | xpdf | kpdf | not | PDF |

xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.


Safari in WebKit in Mac OS X 10.4 to 10.4.2 dir

WebKit | Safari | Mac |

Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.


Adobe Document Server for Reader Extensions 6.0

Extensions | includes | Document | session | user's | Server | Reader | Adobe |

Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session.


Buffer overflow in the HPDF_Page_Circle functio

hpdf_page_operatorc | HPDF_Page_Circle | function | overflow | Library | Takeshi | Buffer | Kanno | Free | Haru | PDF |

Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain arguments that yield a large amount of PDF data, as demonstrated by a filled circle.


Directory traversal vulnerability in download_p

download_pdfphp | vulnerability | arbitrary | attackers | traversal | Directory | AssetMan | earlier | remote | allows | files | read | via | 24a |

Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the pdf_file parameter.


Foxit Reader 2.0 allows remote attackers to cau

attackers | service | denial | remote | Reader | allows | Foxit | cause |

Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.


Integer underflow in Preview in PDFKit on Apple

underflow | Preview | Integer | PDFKit | Apple | Mac |

Integer underflow in Preview in PDFKit on Apple Mac OS X 10.4.10 allows remote attackers to execute arbitrary code via a crafted PDF file.


Software vulnerabilities results 1 to 20 of 55     
Page: 123