Poppler@0.24.0 Security Vulnerabilities and Issues — Poppler@0.24.0 CVE List

Lucene search

FreedesktopPoppler0.24.0

5 matches found

CVE•added 2017/05/30 6:29 p.m.•69 views

CVE-2017-7511

poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.

5.5CVSS5.7AI score0.00403EPSS

CVE•added 2013/11/23 11:55 a.m.•58 views

CVE-2013-4474

Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.

5CVSS7.1AI score0.29757EPSS

CVE•added 2013/11/23 11:55 a.m.•56 views

CVE-2013-4473

Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.

7.5CVSS7.9AI score0.02273EPSS

CVE•added 2014/01/26 1:55 a.m.•45 views

CVE-2013-7296

The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file.

5CVSS6.2AI score0.02482EPSS

CVE•added 2014/04/22 2:23 p.m.•39 views

CVE-2013-4472

The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

3.3CVSS6.5AI score0.0007EPSS