rpm package
opensuse/poppler&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/poppler&distro=openSUSE%20Tumbleweed
Vulnerabilities (34)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-11896 | Low | — | | < 25.09.1-4.1 | 25.09.1-4.1 | Oct 16, 2025 | In Xpdf 4.05 (and earlier), a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow. |
| CVE-2025-52885 | Medium | — | | < 25.09.1-2.1 | 25.09.1-2.1 | Oct 10, 2025 | Poppler is a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in versions Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a |
| CVE-2025-50420 | | — | | < 25.08.0-1.1 | 25.08.0-1.1 | Aug 4, 2025 | An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service (DoS). |
| CVE-2025-52886 | | — | | < 25.06.0-1.1 | 25.06.0-1.1 | Jul 2, 2025 | Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue. |
| CVE-2025-32365 | | — | | < 25.04.0-1.1 | 25.04.0-1.1 | Apr 5, 2025 | Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check. |
| CVE-2025-32364 | | — | | < 25.04.0-1.1 | 25.04.0-1.1 | Apr 5, 2025 | A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN. |
| CVE-2024-56378 | | — | | < 24.12.0-1.1 | 24.12.0-1.1 | Dec 22, 2024 | libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc. |
| CVE-2024-6239 | | — | | < 24.07.0-1.1 | 24.07.0-1.1 | Jun 21, 2024 | A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. |
| CVE-2022-38784 | | — | | < 22.09.0-1.1 | 22.09.0-1.1 | Aug 30, 2022 | Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vu |
| CVE-2017-14518 | High | 7.8 | | < 21.08.0-1.3 | 21.08.0-1.3 | Sep 17, 2017 | In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document. |
| CVE-2017-14517 | Medium | 5.5 | | < 21.08.0-1.3 | 21.08.0-1.3 | Sep 17, 2017 | In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. |
| CVE-2017-7515 | Medium | 5.5 | | < 21.08.0-1.3 | 21.08.0-1.3 | Jun 6, 2017 | poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. |
| CVE-2013-4474 | | — | | < 0.49.0-1.1 | 0.49.0-1.1 | Nov 23, 2013 | Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename. |
| CVE-2013-4473 | | — | | < 0.49.0-1.1 | 0.49.0-1.1 | Nov 23, 2013 | Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename. |
| CVE-2013-1790 | | — | | < 0.49.0-1.1 | 0.49.0-1.1 | Apr 9, 2013 | poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function. |
| CVE-2013-1789 | | — | | < 0.49.0-1.1 | 0.49.0-1.1 | Apr 9, 2013 | splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions. |
| CVE-2013-1788 | | — | | < 0.49.0-1.1 | 0.49.0-1.1 | Apr 9, 2013 | poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc. |
| CVE-2009-3608 | | — | | < 0.49.0-1.1 | 0.49.0-1.1 | Oct 21, 2009 | Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers |
| CVE-2009-3607 | | — | | < 0.49.0-1.1 | 0.49.0-1.1 | Oct 21, 2009 | Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer over |
| CVE-2009-1188 | | — | | < 0.49.0-1.1 | 0.49.0-1.1 | Apr 23, 2009 | Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service |
Page 1 of 2