Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Poppler
(Freedesktop)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 81 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-11-13 | CVE-2010-4654 | poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. | Debian_linux, Poppler | N/A | ||
| 2017-06-06 | CVE-2017-7515 | poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. | Poppler | 5.5 | ||
| 2017-09-30 | CVE-2017-14929 | In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519. | Poppler | 7.5 | ||
| 2017-09-17 | CVE-2017-14519 | In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). | Poppler | 7.5 | ||
| 2018-12-28 | CVE-2018-20551 | A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. | Ubuntu_linux, Poppler | 6.5 | ||
| 2018-11-10 | CVE-2018-19149 | Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. | Ubuntu_linux, Poppler | 6.5 | ||
| 2018-11-07 | CVE-2018-19060 | An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path. | Ubuntu_linux, Poppler | 6.5 | ||
| 2018-11-07 | CVE-2018-19059 | An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts. | Ubuntu_linux, Poppler | 6.5 | ||
| 2017-06-25 | CVE-2017-9865 | The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc. | Debian_linux, Poppler | 5.5 | ||
| 2017-10-02 | CVE-2017-14977 | The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. | Debian_linux, Poppler | 7.5 |