Poppler@* Security Vulnerabilities and Issues — Poppler@* CVE List

Lucene search

FreedesktopPoppler*

12 matches found

CVE•added 2021/08/24 7:15 p.m.•1276 views

CVE-2021-30860

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this is...

7.8CVSS6.5AI score0.66902EPSS

In wild

CVE•added 2022/08/22 7:15 p.m.•401 views

CVE-2022-38171

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2...

7.8CVSS8AI score0.66902EPSS

In wild

CVE•added 2018/05/06 11:29 p.m.•206 views

CVE-2018-10768

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.

6.5CVSS6.3AI score0.01563EPSS

CVE•added 2019/09/05 4:15 a.m.•193 views

CVE-2018-21009

Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.

8.8CVSS6.9AI score0.00355EPSS

CVE•added 2020/12/03 5:15 p.m.•187 views

CVE-2020-27778

A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.

7.5CVSS7.2AI score0.0028EPSS

CVE•added 2024/06/21 2:15 p.m.•120 views

CVE-2024-6239

A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.

7.5CVSS7.2AI score0.00127EPSS

CVE•added 2018/11/10 7:29 p.m.•103 views

CVE-2018-19149

Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.

6.5CVSS6.4AI score0.0022EPSS

CVE•added 2007/07/30 11:17 p.m.•86 views

CVE-2007-3387

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that trigg...

6.8CVSS7.9AI score0.11401EPSS

CVE•added 2023/07/31 2:15 p.m.•77 views

CVE-2023-34872

A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.

5.5CVSS5.2AI score0.00268EPSS

CVE•added 2019/11/13 8:15 p.m.•63 views

CVE-2010-4653

An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.

6.5CVSS6.9AI score0.00782EPSS

CVE•added 2020/01/09 9:15 p.m.•62 views

CVE-2012-2142

The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.

7.8CVSS7.8AI score0.01333EPSS

CVE•added 2019/11/13 8:15 p.m.•53 views

CVE-2010-4654

poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.

9.3CVSS7.8AI score0.00468EPSS