High severity 7.8 · NVD Advisory · Published May 6, 2016 · Updated Jun 17, 2026
CVE-2015-8868
Description
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.
Affected products
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- Range: <0.40.0
- osv-coords (19 versions):
  - pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
  - pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1
  - pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
  - pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%2012
  - pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1
  - pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
  - pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
  - pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
  - pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
  - pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
  - pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
  - pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1
  - pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Server%2012
  - pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1
  - pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
  - pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
  - pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
- (no CPE) range: < 0.24.4-12.1
- (no CPE) range: < 0.24.4-12.1
- (no CPE) range: < 0.12.3-1.12.1
- (no CPE) range: < 0.24.4-12.1
- (no CPE) range: < 0.24.4-12.1
- (no CPE) range: < 0.12.3-1.12.1
- (no CPE) range: < 0.24.4-12.1
- (no CPE) range: < 0.24.4-12.1
- (no CPE) range: < 0.12.3-1.12.1
- (no CPE) range: < 0.24.4-12.1
- (no CPE) range: < 0.24.4-12.1
- (no CPE) range: < 0.24.4-12.1
- (no CPE) range: < 0.24.4-12.1
- (no CPE) range: < 0.24.4-12.1
- (no CPE) range: < 0.24.4-12.1
- (no CPE) range: < 0.24.4-12.1
- (no CPE) range: < 0.24.4-12.1
- (no CPE) range: < 0.24.4-12.1
- (no CPE) range: < 0.24.4-12.1
References (13)
- lists.fedoraproject.org/pipermail/package-announce/2016-April/183107.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2016-April/183142.html (nvd)
- lists.opensuse.org/opensuse-updates/2016-05/msg00068.html (nvd)
- lists.opensuse.org/opensuse-updates/2016-06/msg00077.html (nvd)
- rhn.redhat.com/errata/RHSA-2016-2580.html (nvd)
- www.debian.org/security/2016/dsa-3563 (nvd)
- www.openwall.com/lists/oss-security/2016/04/12/1 (nvd)
- www.securityfocus.com/bid/89324 (nvd)
- www.ubuntu.com/usn/USN-2958-1 (nvd)
- bugs.freedesktop.org/show_bug.cgi (nvd)
- cgit.freedesktop.org/poppler/poppler/commit/ (nvd)
- poppler.freedesktop.org/releases.html (nvd)
- security.gentoo.org/glsa/201611-15 (nvd)