Product:

Poppler

(Freedesktop)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 61
Date ID Summary Products Score Patch
2017-06-06 CVE-2017-7515 poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. Poppler 5.5
2018-05-10 CVE-2017-18267 The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. Ubuntu_linux, Debian_linux, Poppler, Ansible_tower, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 5.5
2017-09-30 CVE-2017-14929 In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519. Poppler 7.5
2017-09-17 CVE-2017-14519 In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). Poppler 7.5
2019-09-05 CVE-2018-21009 Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. Poppler 8.8
2018-12-28 CVE-2018-20551 A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. Ubuntu_linux, Poppler 6.5
2019-07-22 CVE-2019-9959 The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. Poppler 6.5
2019-08-01 CVE-2019-14494 An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. Poppler 6.5
2019-02-03 CVE-2019-7310 In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. Ubuntu_linux, Debian_linux, Fedora, Poppler 8.8
2019-01-01 CVE-2018-20650 A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. Ubuntu_linux, Poppler 6.5