Poppler Security Vulnerabilities and Issues — Poppler CVE List

Lucene search

FreedesktopPoppler

5 matches found

CVE•added 2025/04/05 10:15 p.m.•226 views

CVE-2025-32365

Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.

4CVSS4.3AI score0.00024EPSS

CVE•added 2025/04/18 9:15 p.m.•223 views

CVE-2025-43903

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

4.3CVSS7.2AI score0.00008EPSS

CVE•added 2025/04/05 10:15 p.m.•211 views

CVE-2025-32364

A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.

4CVSS4.4AI score0.00024EPSS

CVE•added 2013/04/09 8:55 p.m.•61 views

CVE-2013-1789

splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions.

4.3CVSS7AI score0.02487EPSS

CVE•added 2014/08/29 5:0 p.m.•55 views

CVE-2010-5110

DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

4.3CVSS6.4AI score0.00773EPSS