) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:freedesktop:poppler:0.4.0:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2013-4472 |
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. Published: April 22, 2014; 10:23:34 AM -0400 |
V3.x:(not available) V2.0: 3.3 LOW |
| CVE-2013-7296 |
The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file. Published: January 25, 2014; 8:55:13 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2013-4474 |
Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename. Published: November 23, 2013; 6:55:04 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2013-4473 |
Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename. Published: November 23, 2013; 6:55:04 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2013-1790 |
poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function. Published: April 09, 2013; 4:55:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2013-1789 |
splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions. Published: April 09, 2013; 4:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2013-1788 |
poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc. Published: April 09, 2013; 4:55:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2007-3387 |
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. Published: July 30, 2007; 7:17:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |