21 matches found
Updated poppler packages fix security vulnerabilities
poppler uses std::atomicint for reference counting. Because it is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free...
MGASA-2025-0143 Updated poppler packages fix security vulnerability
NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries. CVE-2025-43903...
MGASA-2025-0134 Updated poppler packages fix security vulnerabilities
A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INTMIN. CVE-2025-32364 Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine...
Updated poppler packages fix security vulnerabilities
A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INTMIN. CVE-2025-32364 Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine...
Updated poppler packages fix security vulnerability
libpoppler.so has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc. CVE-2024-56378...
MGASA-2025-0022 Updated poppler packages fix security vulnerability
libpoppler.so has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc. CVE-2024-56378...
MGASA-2024-0260 Updated poppler packages fix security vulnerability
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. CVE-2024-6239...
MGASA-2024-0218 Updated poppler packages fix security vulnerability
Out-of-bounds array write. CVE-2024-4141...
MGASA-2023-0262 Updated poppler packages fix security vulnerability
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service DoS via crafted .pdf file to FoFiType1C::cvtGlyph function. CVE-2020-36023 An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial...
MGASA-2022-0386 Updated poppler packages fix security vulnerability
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder JBIG2Stream::readTextRegionSeg in JBIGStream.cc. Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described...
MGASA-2022-0282 Updated poppler packages fix security vulnerability
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service DoS via a crafted PDF file. CVE-2022-27337...
MGASA-2020-0445 Updated poppler packages fix a security vulnerability
buffer overflow in pdftohtml could result in a DoS CVE-2020-27778...
MGASA-2019-0117 Updated poppler packages fix security vulnerabilities
The updated poppler packages fix security vulnerabilities: In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup by crafting a PDF file in which an xref data...
MGASA-2018-0498 Updated poppler packages fix security vulnerability
Poppler before 0.70.0 has a NULL pointer dereference in popplerattachmentnew when called from popplerannotfileattachmentgetattachment. CVE-2018-19149...
MGASA-2018-0358 Updated poppler packages fix security vulnerability
The updated packages fix a security vulnerability: Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be...
MGASA-2018-0083 Updated poppler packages fix security vulnerability
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations CVE-2017-1000456...
Updated poppler packages fix security vulnerability
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. CVE-2017-1000456...
MGASA-2018-0068 Updated poppler packages fix security vulnerability
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. CVE-2017-1000456...
MGASA-2016-0145 Updated poppler packages fix security vulnerabilities
Updated poppler packages fix security vulnerability: A heap buffer overflow vulnerability was found in the poppler library. A maliciously crafted file could cause the application to crash fdo93476...
MGASA-2013-0332 Updated poppler packages fix multiple vulnerabilities
Updated poppler packages fix security vulnerabilities: Poppler is found to be affected by a stack based buffer overflow vulnerability in the pdfseparate utility. Successfully exploiting this issue could allow remote attackers to execute arbitrary code in the context of the affected application...