Vulnerabilities (CVE)

Filtered by vendor Freedesktop Subscribe
Total 131 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-6239 2 Freedesktop, Redhat 2 Poppler, Enterprise Linux 2024-11-12 N/A 7.5 HIGH
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.
CVE-2020-35702 1 Freedesktop 1 Poppler 2024-08-04 6.8 MEDIUM 7.8 HIGH
** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects.
CVE-2022-37050 2 Debian, Freedesktop 2 Debian Linux, Poppler 2024-02-05 N/A 6.5 MEDIUM
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.
CVE-2020-23804 2 Debian, Freedesktop 2 Debian Linux, Poppler 2024-02-05 N/A 7.5 HIGH
Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.
CVE-2020-36023 1 Freedesktop 1 Poppler 2024-02-05 N/A 6.5 MEDIUM
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function.
CVE-2020-36024 1 Freedesktop 1 Poppler 2024-02-05 N/A 5.5 MEDIUM
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.
CVE-2022-37051 2 Debian, Freedesktop 2 Debian Linux, Poppler 2024-02-05 N/A 6.5 MEDIUM
An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.
CVE-2023-34872 1 Freedesktop 1 Poppler 2024-02-05 N/A 5.5 MEDIUM
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
CVE-2023-34969 3 Debian, Fedoraproject, Freedesktop 3 Debian Linux, Fedora, Dbus 2024-02-04 N/A 6.5 MEDIUM
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.
CVE-2022-4055 1 Freedesktop 1 Xdg-utils 2024-02-04 N/A 7.4 HIGH
When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked.
CVE-2022-42010 2 Fedoraproject, Freedesktop 2 Fedora, Dbus 2024-02-04 N/A 6.5 MEDIUM
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
CVE-2022-38784 3 Debian, Fedoraproject, Freedesktop 3 Debian Linux, Fedora, Poppler 2024-02-04 N/A 7.8 HIGH
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
CVE-2022-42011 2 Fedoraproject, Freedesktop 2 Fedora, Dbus 2024-02-04 N/A 6.5 MEDIUM
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.
CVE-2022-42012 2 Fedoraproject, Freedesktop 2 Fedora, Dbus 2024-02-04 N/A 6.5 MEDIUM
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
CVE-2022-38171 2 Freedesktop, Xpdfreader 2 Poppler, Xpdf 2024-02-04 N/A 7.8 HIGH
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
CVE-2022-31782 1 Freedesktop 1 Freetype Demo Programs 2024-02-04 6.8 MEDIUM 7.8 HIGH
ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.
CVE-2022-27337 1 Freedesktop 1 Poppler 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVE-2022-1215 1 Freedesktop 1 Libinput 2024-02-04 7.2 HIGH 7.8 HIGH
A format string vulnerability was found in libinput
CVE-2020-27748 1 Freedesktop 1 Xdg-utils 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird.
CVE-2015-1877 2 Debian, Freedesktop 2 Debian Linux, Xdg-utils 2024-02-04 6.8 MEDIUM 8.8 HIGH
The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file.