Total
78 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27337 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | |||||
| CVE-2020-27778 | 2 Freedesktop, Redhat | 2 Poppler, Enterprise Linux | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service. | |||||
| CVE-2010-4654 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. | |||||
| CVE-2012-2142 | 4 Freedesktop, Opensuse, Redhat and 1 more | 4 Poppler, Opensuse, Enterprise Linux and 1 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | |||||
| CVE-2010-4653 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts. | |||||
| CVE-2019-10871 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. | |||||
| CVE-2019-9631 | 3 Debian, Fedoraproject, Freedesktop | 3 Debian Linux, Fedora, Poppler | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. | |||||
| CVE-2018-21009 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. | |||||
| CVE-2019-9959 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. | |||||
| CVE-2019-12293 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. | |||||
| CVE-2019-10873 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc. | |||||
| CVE-2019-10872 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. | |||||
| CVE-2019-11026 | 2 Fedoraproject, Freedesktop | 2 Fedora, Poppler | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc. | |||||
| CVE-2019-14494 | 3 Canonical, Fedoraproject, Freedesktop | 3 Ubuntu Linux, Fedora, Poppler | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
| An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. | |||||
| CVE-2019-9903 | 2 Fedoraproject, Freedesktop | 2 Fedora, Poppler | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. | |||||
| CVE-2018-20662 | 5 Canonical, Debian, Fedoraproject and 2 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. | |||||
| CVE-2018-19149 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. | |||||
| CVE-2019-9545 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero. | |||||
| CVE-2019-9543 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit. | |||||
| CVE-2018-18897 | 4 Canonical, Debian, Freedesktop and 1 more | 10 Ubuntu Linux, Debian Linux, Poppler and 7 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. | |||||