Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
FreedesktopPoppler

85 matches found

CVE
CVEadded 2021/08/24 7:15 p.m.1249 views

CVE-2021-30860

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this is...

7.8CVSS6.5AI score0.69382EPSS
CVE
CVEadded 2023/08/11 2:15 p.m.569 views

CVE-2020-36024

An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.

5.5CVSS5.7AI score0.00097EPSS
CVE
CVEadded 2023/08/22 7:16 p.m.390 views

CVE-2022-37051

An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.

6.5CVSS6.4AI score0.00044EPSS
CVE
CVEadded 2023/08/22 7:16 p.m.381 views

CVE-2022-37050

In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-...

6.5CVSS6.5AI score0.00468EPSS
CVE
CVEadded 2022/08/22 7:15 p.m.371 views

CVE-2022-38171

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2...

7.8CVSS8AI score0.69382EPSS
CVE
CVEadded 2023/08/22 7:16 p.m.370 views

CVE-2020-23804

Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.

7.5CVSS7.1AI score0.00776EPSS
CVE
CVEadded 2023/08/22 7:16 p.m.361 views

CVE-2022-38349

An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.

6.5CVSS6.4AI score0.00067EPSS
CVE
CVEadded 2019/08/01 5:15 p.m.350 views

CVE-2019-14494

An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.

7.5CVSS7.3AI score0.00444EPSS
CVE
CVEadded 2019/05/23 5:29 a.m.264 views

CVE-2019-12293

In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.

8.8CVSS7.3AI score0.00713EPSS
CVE
CVEadded 2023/08/11 2:15 p.m.238 views

CVE-2020-36023

An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function.

6.5CVSS6.1AI score0.00067EPSS
CVE
CVEadded 2019/03/08 5:29 a.m.233 views

CVE-2019-9631

Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.

9.8CVSS6.8AI score0.02876EPSS
CVE
CVEadded 2025/04/05 10:15 p.m.226 views

CVE-2025-32365

Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.

4CVSS4.3AI score0.00024EPSS
CVE
CVEadded 2025/04/18 9:15 p.m.223 views

CVE-2025-43903

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

4.3CVSS7.2AI score0.00008EPSS
CVE
CVEadded 2019/02/26 11:29 p.m.220 views

CVE-2019-9200

A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other ...

8.8CVSS7.2AI score0.03559EPSS
CVE
CVEadded 2019/01/03 1:29 p.m.214 views

CVE-2018-20662

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.

6.5CVSS6.7AI score0.00468EPSS
CVE
CVEadded 2022/08/30 3:15 a.m.212 views

CVE-2022-38784

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability describ...

7.8CVSS7.7AI score0.00096EPSS
CVE
CVEadded 2025/04/05 10:15 p.m.211 views

CVE-2025-32364

A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.

4CVSS4.4AI score0.00024EPSS
CVE
CVEadded 2023/08/22 7:16 p.m.207 views

CVE-2022-37052

A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.

6.5CVSS6.2AI score0.00026EPSS
CVE
CVEadded 2018/05/06 11:29 p.m.203 views

CVE-2018-10768

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.

6.5CVSS6.3AI score0.01525EPSS
CVE
CVEadded 2018/11/02 7:29 a.m.202 views

CVE-2018-18897

An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.

6.5CVSS6.6AI score0.002EPSS
CVE
CVEadded 2019/07/22 3:15 p.m.199 views

CVE-2019-9959

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.

6.5CVSS6.4AI score0.0035EPSS
CVE
CVEadded 2018/07/25 11:29 p.m.198 views

CVE-2018-13988

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF fi...

6.5CVSS6AI score0.00538EPSS
CVE
CVEadded 2019/09/05 4:15 a.m.187 views

CVE-2018-21009

Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.

8.8CVSS6.9AI score0.00463EPSS
CVE
CVEadded 2020/12/03 5:15 p.m.181 views

CVE-2020-27778

A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.

7.5CVSS7.2AI score0.0028EPSS
CVE
CVEadded 2019/04/05 4:29 a.m.176 views

CVE-2019-10871

An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.

6.5CVSS6.5AI score0.00666EPSS
CVE
CVEadded 2018/05/10 3:29 p.m.174 views

CVE-2017-18267

The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.

5.5CVSS5.7AI score0.00451EPSS
CVE
CVEadded 2017/06/22 9:29 p.m.161 views

CVE-2017-9776

Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

7.8CVSS7AI score0.00393EPSS
CVE
CVEadded 2019/02/03 3:29 a.m.161 views

CVE-2019-7310

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocair...

7.8CVSS8AI score0.00267EPSS
CVE
CVEadded 2019/01/01 4:29 p.m.156 views

CVE-2018-20650

A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.

6.5CVSS6.5AI score0.00561EPSS
CVE
CVEadded 2022/05/05 7:15 p.m.156 views

CVE-2022-27337

A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

6.5CVSS6AI score0.00247EPSS
CVE
CVEadded 2020/12/25 2:15 a.m.155 views

CVE-2020-35702

DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Pop...

7.8CVSS7.6AI score0.00279EPSS
CVE
CVEadded 2019/04/05 4:29 a.m.154 views

CVE-2019-10872

An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.

8.8CVSS7.2AI score0.0099EPSS
CVE
CVEadded 2018/12/28 4:29 p.m.137 views

CVE-2018-20551

A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.

6.5CVSS6.4AI score0.00531EPSS
CVE
CVEadded 2018/12/26 4:29 a.m.133 views

CVE-2018-20481

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.

6.5CVSS6.4AI score0.01332EPSS
CVE
CVEadded 2018/09/06 11:29 p.m.128 views

CVE-2018-16646

In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.

6.5CVSS5.8AI score0.02073EPSS
CVE
CVEadded 2017/06/22 9:29 p.m.127 views

CVE-2017-9775

Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.

6.5CVSS6.7AI score0.01741EPSS
CVE
CVEadded 2018/11/07 4:29 p.m.119 views

CVE-2018-19058

An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.

6.5CVSS6.2AI score0.00273EPSS
CVE
CVEadded 2010/11/05 6:0 p.m.117 views

CVE-2010-3702

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer...

7.5CVSS7.3AI score0.06284EPSS
CVE
CVEadded 2019/03/21 6:29 p.m.108 views

CVE-2019-9903

PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.

6.5CVSS6.3AI score0.00445EPSS
CVE
CVEadded 2024/06/21 2:15 p.m.106 views

CVE-2024-6239

A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.

7.5CVSS7.2AI score0.0031EPSS
CVE
CVEadded 2018/01/02 6:29 p.m.99 views

CVE-2017-1000456

freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.

8.8CVSS6.8AI score0.00715EPSS
CVE
CVEadded 2017/09/17 11:29 p.m.98 views

CVE-2017-14518

In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document.

7.8CVSS6AI score0.00333EPSS
CVE
CVEadded 2018/11/07 4:29 p.m.97 views

CVE-2018-19059

An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.

6.5CVSS6.3AI score0.00131EPSS
CVE
CVEadded 2018/11/10 7:29 p.m.96 views

CVE-2018-19149

Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.

6.5CVSS6.4AI score0.002EPSS
CVE
CVEadded 2017/10/02 1:29 a.m.93 views

CVE-2017-14977

The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.

7.5CVSS6AI score0.0109EPSS
CVE
CVEadded 2017/06/02 7:29 p.m.93 views

CVE-2017-9406

In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.

6.5CVSS6.2AI score0.0104EPSS
CVE
CVEadded 2017/06/25 1:29 p.m.93 views

CVE-2017-9865

The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.

5.5CVSS6AI score0.00404EPSS
CVE
CVEadded 2017/09/17 11:29 p.m.92 views

CVE-2017-14519

In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop).

7.5CVSS6.3AI score0.00433EPSS
CVE
CVEadded 2018/11/07 4:29 p.m.92 views

CVE-2018-19060

An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.

6.5CVSS6.3AI score0.0015EPSS
CVE
CVEadded 2017/09/17 11:29 p.m.89 views

CVE-2017-14517

In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.

5.5CVSS6AI score0.00394EPSS
Total number of security vulnerabilities85