25 matches found
PT-2025-27644 · Poppler +3
Name of the Vulnerable Software and Affected Versions: Poppler versions prior to 25.06.0
Description: The issue is related to the use of std::atomic_int for reference counting in the Poppler PDF rendering library. Since std::atomic_int is only 32 bits, it is possible to overflow the reference...
DLA-4141-1 poppler - security update
Bulletin has no description...
PT-2025-17348 · Poppler +5
Name of the Vulnerable Software and Affected Versions: Poppler versions prior to 25.04.0
Description: The issue is related to the verification of adbe.pkcs7.sha1 signatures on documents. In the affected versions, the NSSCryptoSignBackend.cc in Poppler does not properly verify these signatures,...
DEBIAN-CVE-2022-37052
A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject...
PT-2023-25043 · Poppler +5
Name of the Vulnerable Software and Affected Versions: Poppler versions prior to 23.06.0
Description: A vulnerability in Outline.cc for Poppler allows a remote attacker to cause a Denial of Service (DoS) crash via a crafted PDF file in OutlineItem::open.
Recommendations: For versions prior to...
DLA-2287-1 poppler - security update
Bulletin has no description...
DLA-1752-1 poppler - security update
Bulletin has no description...
CVE-2019-10873
An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc...
DLA-1706-1 poppler - security update
Bulletin has no description...
DLA-1562-1 poppler - security update
Bulletin has no description...
DLA-1228-1 poppler - security update
Bulletin has no description...
DLA-1177-1 poppler - security update
Bulletin has no description...
CVE-2017-14976
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack...
CVE-2017-14977
The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack...
CVE-2017-14927
In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0 function in SplashOutputDev.cc via a crafted PDF document...
CVE-2017-14929
In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than...
CVE-2017-14517
In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry function in XRef.cc via a crafted PDF document...
CVE-2017-14519
In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop)...
DLA-1074-1 poppler - security update
Bulletin has no description...
CVE-2017-2818
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger th...