Search Results (Refine Search)
- CPE Product Version: cpe:/a:freedesktop:poppler:0.59.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-34872 |
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. Published: July 31, 2023; 10:15:10 AM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-38784 |
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. Published: August 29, 2022; 11:15:07 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-38171 |
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics). Published: August 22, 2022; 3:15:11 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2021-30860 |
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Published: August 24, 2021; 3:15:14 PM -0400 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-27778 |
A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service. Published: December 03, 2020; 12:15:13 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-21009 |
Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. Published: September 05, 2019; 12:15:09 AM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-14494 |
An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. Published: August 01, 2019; 1:15:13 PM -0400 |
V3.1: 7.5 HIGH V2.0: 4.3 MEDIUM |
CVE-2019-9959 |
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. Published: July 22, 2019; 11:15:10 AM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-12293 |
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. Published: May 23, 2019; 1:29:00 AM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-19149 |
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. Published: November 10, 2018; 2:29:00 PM -0500 |
V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-13988 |
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file. Published: July 25, 2018; 7:29:00 PM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-18267 |
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. Published: May 10, 2018; 11:29:00 AM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-15565 |
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. Published: October 17, 2017; 6:29:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-14977 |
The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. Published: October 01, 2017; 9:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-14976 |
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack. Published: October 01, 2017; 9:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-14975 |
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack. Published: October 01, 2017; 9:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-14929 |
In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519. Published: September 29, 2017; 9:29:02 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-14928 |
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. Published: September 29, 2017; 9:29:02 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-14927 |
In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. Published: September 29, 2017; 9:29:02 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-14926 |
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document. Published: September 29, 2017; 9:29:02 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |