Poppler Security Vulnerabilities and Issues — Poppler CVE List

Lucene search

FreedesktopPoppler

12 matches found

CVE•added 2023/08/11 2:15 p.m.•569 views

CVE-2020-36024

An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.

5.5CVSS5.7AI score0.00097EPSS

CVE•added 2018/05/10 3:29 p.m.•174 views

CVE-2017-18267

The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.

5.5CVSS5.7AI score0.00451EPSS

CVE•added 2017/06/25 1:29 p.m.•93 views

CVE-2017-9865

The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.

5.5CVSS6AI score0.00404EPSS

CVE•added 2017/09/17 11:29 p.m.•89 views

CVE-2017-14517

In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.

5.5CVSS6AI score0.00394EPSS

CVE•added 2023/07/31 2:15 p.m.•73 views

CVE-2023-34872

A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.

5.5CVSS5.2AI score0.00268EPSS

CVE•added 2017/05/30 6:29 p.m.•69 views

CVE-2017-7511

poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.

5.5CVSS5.7AI score0.00403EPSS

CVE•added 2017/09/30 1:29 a.m.•66 views

CVE-2017-14928

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.

5.5CVSS5.4AI score0.00278EPSS

CVE•added 2017/09/30 1:29 a.m.•64 views

CVE-2017-14926

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.

5.5CVSS5.4AI score0.00278EPSS

CVE•added 2013/11/23 11:55 a.m.•58 views

CVE-2013-4474

Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.

5CVSS7.1AI score0.29757EPSS

CVE•added 2017/09/30 1:29 a.m.•57 views

CVE-2017-14927

In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.

5.5CVSS5.7AI score0.00265EPSS

CVE•added 2017/06/06 2:29 p.m.•53 views

CVE-2017-7515

poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.

5.5CVSS6.1AI score0.00352EPSS

CVE•added 2014/01/26 1:55 a.m.•45 views

CVE-2013-7296

The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file.

5CVSS6.2AI score0.02482EPSS