漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
N/A
漏洞信息
Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.
漏洞信息
N/A
漏洞
N/A
漏洞
多家厂商xpdf DCTStream Progressive堆溢出漏洞
漏洞信息
Xpdf是便携文档格式(PDF)文件的开放源码浏览器。 多家厂商软件版本所捆绑的xpdf中存在堆溢出漏洞。 DCT流解析代码没有充分的验证用户输入。xpdf/Stream.cc的DCTStream::readProgressiveSOF函数从PDF文件的用户可控数据中读取numComps的值,然后在循环中使用该值将数据拷贝到预先分配的堆缓冲区中,如下所示: GBool DCTStream::readProgressiveSOF() { ... numComps = str->getChar(); ...
漏洞信息
N/A
漏洞
N/A