Total
78 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9408 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file. | |||||
CVE-2017-14520 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files. | |||||
CVE-2017-14617 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files. | |||||
CVE-2017-14929 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519. | |||||
CVE-2017-15565 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. | |||||
CVE-2017-14927 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. | |||||
CVE-2017-9083 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file. | |||||
CVE-2015-8868 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document. | |||||
CVE-2013-7296 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 5.0 MEDIUM | N/A |
The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file. | |||||
CVE-2013-4472 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 3.3 LOW | N/A |
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | |||||
CVE-2010-5110 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 4.3 MEDIUM | N/A |
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file. | |||||
CVE-2013-1790 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 6.8 MEDIUM | N/A |
poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function. | |||||
CVE-2013-1789 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 4.3 MEDIUM | N/A |
splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions. | |||||
CVE-2013-4473 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2024-02-04 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename. | |||||
CVE-2013-4474 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2024-02-04 | 5.0 MEDIUM | N/A |
Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename. | |||||
CVE-2013-1788 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 6.8 MEDIUM | N/A |
poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc. | |||||
CVE-2010-3702 | 9 Apple, Canonical, Debian and 6 more | 11 Cups, Ubuntu Linux, Debian Linux and 8 more | 2024-02-04 | 7.5 HIGH | N/A |
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. | |||||
CVE-2007-3387 | 6 Apple, Canonical, Debian and 3 more | 6 Cups, Ubuntu Linux, Debian Linux and 3 more | 2024-02-04 | 6.8 MEDIUM | N/A |
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. |