Albert Astals Cid

**Name of the Vulnerable Software and Affected Versions** Poppler versions through 0.78.0 **Description** The issue is related to a divide-by-zero error in the `SplashOutputDev::tilingPatternFill` function at `SplashOutputDev.cc`. This error can be exploited by a remote attacker to cause a denial of service. **Recommendations** For Poppler versions through 0.78.0, as a temporary workaround, consider disabling the `SplashOutputDev::tilingPatternFill` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Poppler version 0.59.0 **Description** The issue arises from a heap-based buffer over-read in the FoFiType1C::convertToType0 function, located in FoFiType1C.cc. This occurs when an out-of-bounds font dictionary index is encountered, allowing an attacker to potentially launch a denial of service attack. **Recommendations** For Poppler version 0.59.0, consider applying a patch or updating to a newer version that addresses this issue, if available. As a temporary workaround, restrict access to potentially malicious font files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** kde-workspace version 4.2.0 plasma-workspace versions prior to 5.1.95 **Description** The issue allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked. **Recommendations** For kde-workspace version 4.2.0, update to a version later than 4.2.0 to resolve the issue. For plasma-workspace versions prior to 5.1.95, update to version 5.1.95 or later to resolve the issue.