rpm package
almalinux/poppler-qt5
pkg:rpm/almalinux/poppler-qt5
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-32365 | — | < 21.01.0-23.el9_7 | 21.01.0-23.el9_7 | Apr 5, 2025 | Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check. | ||
| CVE-2024-6239 | — | < 20.11.0-12.el8_10 | 20.11.0-12.el8_10 | Jun 21, 2024 | A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. | ||
| CVE-2020-36024 | — | < 20.11.0-11.el8 | 20.11.0-11.el8 | Aug 11, 2023 | An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. | ||
| CVE-2022-38784 | — | < 21.01.0-14.el9 | 21.01.0-14.el9 | Aug 30, 2022 | Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vu | ||
| CVE-2022-27337 | — | < 20.11.0-5.el8 | 20.11.0-5.el8 | May 5, 2022 | A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | ||
| CVE-2020-27778 | — | < 20.11.0-2.el8 | 20.11.0-2.el8 | Dec 3, 2020 | A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service. | ||
| CVE-2019-14494 | — | < 0.66.0-27.el8 | 0.66.0-27.el8 | Aug 1, 2019 | An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. |
- CVE-2025-32365Apr 5, 2025affected < 21.01.0-23.el9_7fixed 21.01.0-23.el9_7
Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.
- CVE-2024-6239Jun 21, 2024affected < 20.11.0-12.el8_10fixed 20.11.0-12.el8_10
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.
- CVE-2020-36024Aug 11, 2023affected < 20.11.0-11.el8fixed 20.11.0-11.el8
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.
- CVE-2022-38784Aug 30, 2022affected < 21.01.0-14.el9fixed 21.01.0-14.el9
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vu
- CVE-2022-27337May 5, 2022affected < 20.11.0-5.el8fixed 20.11.0-5.el8
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
- CVE-2020-27778Dec 3, 2020affected < 20.11.0-2.el8fixed 20.11.0-2.el8
A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.
- CVE-2019-14494Aug 1, 2019affected < 0.66.0-27.el8fixed 0.66.0-27.el8
An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.