Poppler Security Vulnerabilities and Issues — Poppler CVE List

Lucene search

FreedesktopPoppler

11 matches found

CVE•added 2019/05/23 5:29 a.m.•264 views

CVE-2019-12293

In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.

8.8CVSS7.3AI score0.00713EPSS

CVE•added 2019/02/26 11:29 p.m.•220 views

CVE-2019-9200

A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other ...

8.8CVSS7.2AI score0.03559EPSS

CVE•added 2019/09/05 4:15 a.m.•187 views

CVE-2018-21009

Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.

8.8CVSS6.9AI score0.00463EPSS

CVE•added 2019/04/05 4:29 a.m.•154 views

CVE-2019-10872

An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.

8.8CVSS7.2AI score0.0099EPSS

CVE•added 2018/01/02 6:29 p.m.•99 views

CVE-2017-1000456

freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.

8.8CVSS6.8AI score0.00715EPSS

CVE•added 2017/10/17 10:29 p.m.•77 views

CVE-2017-15565

In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.

8.8CVSS6.4AI score0.00614EPSS

CVE•added 2017/07/12 5:29 p.m.•67 views

CVE-2017-2820

An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To tr...

8.8CVSS8.8AI score0.01219EPSS

CVE•added 2017/07/12 5:29 p.m.•57 views

CVE-2017-2814

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can ...

8.8CVSS9AI score0.01958EPSS

CVE•added 2019/03/01 7:29 p.m.•57 views

CVE-2019-9543

An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possi...

8.8CVSS7.5AI score0.00584EPSS

CVE•added 2017/07/12 5:29 p.m.•55 views

CVE-2017-2818

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this...

8.8CVSS8.6AI score0.00504EPSS

CVE•added 2019/03/01 7:29 p.m.•51 views

CVE-2019-9545

An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly h...

8.8CVSS7.5AI score0.00255EPSS