Ziqiang Gu

Name of the Vulnerable Software and Affected Versions: PoDoFo version 0.9.5 Description: The issue is related to a heap-based buffer over-read vulnerability in the UnescapeName() function in PdfName.cpp. This could allow remote attackers to cause a denial-of-service or possibly other unspecified impacts by using a crafted pdf file. Recommendations: For PoDoFo version 0.9.5, as a temporary workaround, consider restricting the use of the UnescapeName() function in PdfName.cpp until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Artifex MuPDF versions prior to 1.12.0 **Description** The issue arises from the mishandling of certain length changes during a repair operation that occurs simultaneously with a clean operation in `pdf/pdf-write.c`. This can be exploited by remote attackers using a crafted PDF document, potentially leading to a denial of service through a buffer overflow and application crash, or possibly other unspecified impacts. **Recommendations** For versions prior to 1.12.0, update to version 1.12.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Poppler version 0.59.0 **Description** A NULL Pointer Dereference issue exists in the `getGrayLine()` function in GfxState.cc, which can be triggered via a crafted PDF document. **Recommendations** For Poppler version 0.59.0, consider avoiding the use of the `getGrayLine()` function until a patch is available. As a temporary workaround, restrict the processing of crafted PDF documents to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Poppler version 0.59.0 **Description** The issue is related to memory corruption in Poppler, caused by a repeating series of function calls including `Gfx::display`, `Gfx::go`, `Gfx::execOp`, `Gfx::opFill`, `Gfx::doPatternFill`, `Gfx::doTilingPatternFill`, and `Gfx::drawForm`, which can lead to an infinite loop in Gfx.cc. **Recommendations** For Poppler version 0.59.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Poppler version 0.59.0 **Description** A NULL Pointer Dereference issue exists in the `type3D0()` function, which can be triggered by a crafted PDF document. **Recommendations** For Poppler version 0.59.0, consider avoiding the use of the `type3D0()` function in SplashOutputDev.cc until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Poppler version 0.59.0 **Description** A floating point exception occurs in the ImageStream class in Stream.cc when handling malicious PDF files, which may lead to a potential attack. **Recommendations** For Poppler version 0.59.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Poppler version 0.59.0 **Description** A floating point exception exists in the `isImageInterpolationRequired()` function in Splash.cc via a crafted PDF document. **Recommendations** For Poppler version 0.59.0, consider avoiding the use of the `isImageInterpolationRequired()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Poppler version 0.59.0 **Description** A floating point exception occurs in the `Splash::scaleImageYuXd()` function when handling malicious PDF files, potentially leading to a security issue. **Recommendations** For Poppler version 0.59.0, update to a newer version that contains a fix for this issue to prevent potential attacks when handling malicious PDF files.

**Name of the Vulnerable Software and Affected Versions** Poppler version 0.59.0 **Description** The issue occurs due to memory corruption in a call to `Object::streamGetChar` in `Object.h` after a repeating series of `Gfx::display`, `Gfx::go`, `Gfx::execOp`, `Gfx::opShowText`, and `Gfx::doShowText` calls, which can lead to an infinite loop in `Gfx.cc`. **Recommendations** For Poppler version 0.59.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Poppler version 0.59.0 **Description** A NULL Pointer Dereference issue exists in the AnnotRichMedia::Configuration::Configuration function in Annot.cc, which can be triggered via a crafted PDF document. This allows a remote attacker to cause a denial of service. The issue is related to the `AnnotRichMedia::Configuration::Configuration` function and can be exploited by using a specially crafted PDF document. **Recommendations** For Poppler version 0.59.0, consider avoiding the use of the `AnnotRichMedia::Configuration::Configuration` function in Annot.cc until a patch is available. As a temporary workaround, restrict the processing of crafted PDF documents to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Poppler version 0.59.0 **Description** A NULL Pointer Dereference issue exists in the AnnotRichMedia::Content::Content function of the Annot.cc component in the Poppler library for displaying PDF files. This issue can be exploited by a remote attacker using a specially crafted PDF document, potentially leading to a denial of service. **Recommendations** For Poppler version 0.59.0, consider disabling the AnnotRichMedia::Content::Content function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.