Product:

Poppler

(Freedesktop)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 64
Date ID Summary Products Score Patch
2019-03-08 CVE-2019-9631 Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. Debian_linux, Fedora, Poppler 9.8
2019-02-26 CVE-2019-9200 A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. Ubuntu_linux, Debian_linux, Poppler 8.8
2019-05-23 CVE-2019-12293 In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. Poppler 8.8
2019-04-05 CVE-2019-10872 An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. Poppler 8.8
2019-09-05 CVE-2018-21009 Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. Poppler 8.8
2018-12-26 CVE-2018-20481 XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. Ubuntu_linux, Debian_linux, Poppler 6.5
2018-09-06 CVE-2018-16646 In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. Ubuntu_linux, Debian_linux, Poppler 6.5
2018-05-10 CVE-2017-18267 The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. Ubuntu_linux, Debian_linux, Poppler, Ansible_tower, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 5.5
2019-08-01 CVE-2019-14494 An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. Ubuntu_linux, Fedora, Poppler N/A
2020-01-09 CVE-2012-2142 The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. Poppler, Opensuse, Enterprise_linux, Xpdf N/A