Poppler@0.4.2 Security Vulnerabilities and Issues — Poppler@0.4.2 CVE List

Lucene search

PopplerPoppler0.4.2

23 matches found

CVE•added 2009/04/23 5:30 p.m.•103 views

CVE-2009-0799

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.

4.3CVSS7.2AI score0.00676EPSS

CVE•added 2009/04/23 5:30 p.m.•98 views

CVE-2009-1180

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.

6.8CVSS7.8AI score0.0199EPSS

CVE•added 2009/04/23 5:30 p.m.•94 views

CVE-2009-1182

Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

7.5CVSS7.8AI score0.03762EPSS

CVE•added 2009/10/21 5:30 p.m.•92 views

CVE-2009-3608

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffe...

9.3CVSS7.3AI score0.0622EPSS

CVE•added 2009/04/23 5:30 p.m.•86 views

CVE-2009-1179

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.

6.8CVSS7.8AI score0.05331EPSS

CVE•added 2006/01/06 10:0 p.m.•83 views

CVE-2005-3624

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

5CVSS6.3AI score0.07223EPSS

CVE•added 2009/04/23 5:30 p.m.•83 views

CVE-2009-0800

Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

6.8CVSS7.7AI score0.05252EPSS

CVE•added 2006/01/06 10:0 p.m.•81 views

CVE-2005-3626

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

5CVSS6.1AI score0.09167EPSS

CVE•added 2009/04/23 5:30 p.m.•81 views

CVE-2009-0166

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.

4.3CVSS7.2AI score0.05539EPSS

CVE•added 2009/10/21 5:30 p.m.•79 views

CVE-2009-3603

Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party in...

9.3CVSS7.5AI score0.1106EPSS

CVE•added 2006/01/06 10:0 p.m.•78 views

CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

10CVSS6.2AI score0.11286EPSS

CVE•added 2009/04/23 5:30 p.m.•77 views

CVE-2009-1183

The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.

4.3CVSS7.1AI score0.01192EPSS

CVE•added 2009/11/02 3:30 p.m.•73 views

CVE-2009-3605

Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2S...

6.8CVSS7.5AI score0.04392EPSS

CVE•added 2009/10/21 5:30 p.m.•71 views

CVE-2009-3606

Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

9.3CVSS7.3AI score0.06276EPSS

CVE•added 2009/04/23 5:30 p.m.•70 views

CVE-2009-1181

4.3CVSS7.2AI score0.01381EPSS

CVE•added 2009/10/21 5:30 p.m.•64 views

CVE-2009-3604

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted P...

9.3CVSS7.6AI score0.09744EPSS

CVE•added 2009/03/03 4:30 p.m.•62 views

CVE-2009-0755

The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.

5CVSS7.1AI score0.21765EPSS

CVE•added 2009/04/23 7:30 p.m.•62 views

CVE-2009-1188

Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service (application crash)...

5CVSS8AI score0.1106EPSS

CVE•added 2009/10/21 5:30 p.m.•62 views

CVE-2009-3609

Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL poin...

4.3CVSS6.8AI score0.05304EPSS

CVE•added 2009/10/21 5:30 p.m.•59 views

CVE-2009-3607

Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of...

9.3CVSS8.2AI score0.06855EPSS

CVE•added 2008/04/18 3:5 p.m.•57 views

CVE-2008-1693

The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related ...

6.8CVSS7.3AI score0.06879EPSS

CVE•added 2009/03/03 4:30 p.m.•50 views

CVE-2009-0756

The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference.

5CVSS7.1AI score0.16694EPSS

CVE•added 2009/04/23 7:30 p.m.•49 views

CVE-2009-1187

Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc).

5CVSS7.8AI score0.26482EPSS