Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Freedesktop Subscribe
Filtered by product Poppler
Total 72 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-9865 2 Debian, Freedesktop 2 Debian Linux, Poppler 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.
CVE-2018-20551 2 Canonical, Freedesktop 2 Ubuntu Linux, Poppler 2019-09-11 4.3 MEDIUM 6.5 MEDIUM
A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.
CVE-2018-19060 2 Canonical, Freedesktop 2 Ubuntu Linux, Poppler 2019-08-06 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.
CVE-2018-19149 2 Canonical, Freedesktop 2 Ubuntu Linux, Poppler 2019-08-06 4.3 MEDIUM 6.5 MEDIUM
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
CVE-2018-19059 2 Canonical, Freedesktop 2 Ubuntu Linux, Poppler 2019-08-06 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.
CVE-2019-10871 1 Freedesktop 1 Poppler 2019-06-18 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.
CVE-2019-10873 1 Freedesktop 1 Poppler 2019-06-18 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.
CVE-2017-14975 2 Debian, Freedesktop 2 Debian Linux, Poppler 2019-05-03 5.0 MEDIUM 7.5 HIGH
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.
CVE-2017-14976 2 Debian, Freedesktop 2 Debian Linux, Poppler 2019-05-03 5.0 MEDIUM 7.5 HIGH
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.
CVE-2017-14977 2 Debian, Freedesktop 2 Debian Linux, Poppler 2019-05-03 5.0 MEDIUM 7.5 HIGH
The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.
CVE-2017-1000456 2 Debian, Freedesktop 2 Debian Linux, Poppler 2019-04-30 6.8 MEDIUM 8.8 HIGH
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
CVE-2018-10768 4 Canonical, Debian, Freedesktop and 1 more 7 Ubuntu Linux, Debian Linux, Poppler and 4 more 2019-04-25 4.3 MEDIUM 6.5 MEDIUM
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.
CVE-2018-13988 4 Canonical, Debian, Freedesktop and 1 more 8 Ubuntu Linux, Debian Linux, Poppler and 5 more 2019-04-25 4.3 MEDIUM 6.5 MEDIUM
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.
CVE-2017-9083 1 Freedesktop 1 Poppler 2019-03-14 4.3 MEDIUM 6.5 MEDIUM
poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.
CVE-2017-15565 2 Debian, Freedesktop 2 Debian Linux, Poppler 2019-03-14 6.8 MEDIUM 8.8 HIGH
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.
CVE-2017-9776 3 Debian, Freedesktop, Redhat 8 Debian Linux, Poppler, Enterprise Linux Desktop and 5 more 2019-03-12 6.8 MEDIUM 7.8 HIGH
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
CVE-2017-9775 3 Debian, Freedesktop, Redhat 8 Debian Linux, Poppler, Enterprise Linux Desktop and 5 more 2019-03-12 4.3 MEDIUM 6.5 MEDIUM
Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
CVE-2017-14517 1 Freedesktop 1 Poppler 2019-01-18 4.3 MEDIUM 5.5 MEDIUM
In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.
CVE-2017-7511 1 Freedesktop 1 Poppler 2018-01-18 4.3 MEDIUM 5.5 MEDIUM
poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.
CVE-2017-14520 1 Freedesktop 1 Poppler 2018-01-08 6.8 MEDIUM 7.8 HIGH
In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files.