Poppler@0.72.0 Security Vulnerabilities and Issues — Poppler@0.72.0 CVE List

Lucene search

FreedesktopPoppler0.72.0

4 matches found

CVE•added 2019/01/03 1:29 p.m.•214 views

CVE-2018-20662

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.

6.5CVSS6.7AI score0.00468EPSS

CVE•added 2019/01/01 4:29 p.m.•156 views

CVE-2018-20650

A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.

6.5CVSS6.5AI score0.00561EPSS

CVE•added 2018/12/28 4:29 p.m.•137 views

CVE-2018-20551

A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.

6.5CVSS6.4AI score0.00531EPSS

CVE•added 2018/12/26 4:29 a.m.•133 views

CVE-2018-20481

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.

6.5CVSS6.4AI score0.01332EPSS