VYPR

rpm package

opensuse/poppler&distro=openSUSE Leap 15.4

pkg:rpm/opensuse/poppler&distro=openSUSE%20Leap%2015.4

Vulnerabilities (22)

  • CVE-2022-38349 (Aug 22, 2023)
    affected < 22.01.0-150400.3.11.2, fixed 22.01.0-150400.3.11.2

    An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, which will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.

  • CVE-2022-37052 (Aug 22, 2023)
    affected < 0.62.0-150000.4.31.1, fixed 0.62.0-150000.4.31.1

    A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.

  • CVE-2022-37051 (Aug 22, 2023)
    affected < 22.01.0-150400.3.11.2, fixed 22.01.0-150400.3.11.2

    An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.

  • CVE-2022-37050 (Aug 22, 2023)
    affected < 22.01.0-150400.3.11.2, fixed 22.01.0-150400.3.11.2

    In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.cc allows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incom

  • CVE-2020-23804 (Aug 22, 2023)
    affected < 0.62.0-150000.4.25.2, fixed 0.62.0-150000.4.25.2

    Uncontrolled recursion in pdfinfo and pdftops in Poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.

  • CVE-2020-36024 (Aug 11, 2023)
    affected < 0.62.0-150000.4.25.2, fixed 0.62.0-150000.4.25.2

    An issue was discovered in freedesktop Poppler version 20.12.1 that allows remote attackers to cause a denial of service (DoS) via a crafted .pdf file passed to the FoFiType1C::convertToType1 function.

  • CVE-2020-36023 (Aug 11, 2023)
    affected < 0.62.0-150000.4.28.2, fixed 0.62.0-150000.4.28.2

    An issue was discovered in freedesktop Poppler version 20.12.1 that allows remote attackers to cause a denial of service (DoS) via a crafted .pdf file passed to the FoFiType1C::cvtGlyph function.

  • CVE-2023-34872 (Jul 31, 2023)
    affected < 22.01.0-150400.3.16.1, fixed 22.01.0-150400.3.16.1

    A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.

  • CVE-2023-32700 (May 20, 2023)
    affected < 0.62.0-150000.4.12.1, fixed 0.62.0-150000.4.12.1

    LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.

  • CVE-2023-24805 (May 17, 2023)
    affected < 0.62.0-150000.4.12.1, fixed 0.62.0-150000.4.12.1

    cups-filters contains backends, filters, and other software required to get the CUPS printing service working on operating systems other than macOS. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote co

  • CVE-2022-38784 (Aug 30, 2022)
    affected < 0.62.0-150000.4.9.1, fixed 0.62.0-150000.4.9.1

    Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vu

  • CVE-2022-27337 (May 5, 2022)
    affected < 0.62.0-150000.4.15.1, fixed 0.62.0-150000.4.15.1

    A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

  • CVE-2019-16115 (Sep 8, 2019)
    affected < 0.62.0-150000.4.18.1, fixed 0.62.0-150000.4.18.1

    In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted P

  • CVE-2018-21009 (Sep 5, 2019)
    affected < 0.62.0-150000.4.15.1, fixed 0.62.0-150000.4.15.1

    Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.

  • CVE-2019-13287 (Jul 4, 2019)
    affected < 0.62.0-150000.4.28.2, fixed 0.62.0-150000.4.28.2

    In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Di

  • CVE-2019-13283 (Jul 4, 2019)
    affected < 0.62.0-150000.4.9.1, fixed 0.62.0-150000.4.9.1

    In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF do

  • CVE-2019-12293 (May 23, 2019)
    affected < 0.62.0-150000.4.15.1, fixed 0.62.0-150000.4.15.1

    In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.

  • CVE-2019-9545 (Mar 1, 2019)
    affected < 0.62.0-150000.4.31.1, fixed 0.62.0-150000.4.31.1

    An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation f

  • CVE-2019-7310 (Feb 3, 2019)
    affected < 0.62.0-150000.4.18.1, fixed 0.62.0-150000.4.18.1

    In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demons

  • CVE-2018-20662 (Jan 3, 2019)
    affected < 0.62.0-150000.4.34.1, fixed 0.62.0-150000.4.34.1

    In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSub
