rpm package

suse/poppler&distro=SUSE Linux Enterprise Server 15 SP1-LTSS

pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS

Vulnerabilities (30)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-38349	—	< 0.62.0-150000.4.25.2	0.62.0-150000.4.25.2	Aug 22, 2023	An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.
CVE-2022-37051	—	< 0.62.0-150000.4.25.2	0.62.0-150000.4.25.2	Aug 22, 2023	An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.
CVE-2022-37050	—	< 0.62.0-150000.4.25.2	0.62.0-150000.4.25.2	Aug 22, 2023	In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incom
CVE-2020-23804	—	< 0.62.0-150000.4.25.2	0.62.0-150000.4.25.2	Aug 22, 2023	Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.
CVE-2020-36024	—	< 0.62.0-150000.4.25.2	0.62.0-150000.4.25.2	Aug 11, 2023	An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.
CVE-2023-32700	—	< 0.62.0-150000.4.12.1	0.62.0-150000.4.12.1	May 20, 2023	LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
CVE-2023-24805	—	< 0.62.0-150000.4.12.1	0.62.0-150000.4.12.1	May 17, 2023	cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote co
CVE-2022-38784	—	< 0.62.0-150000.4.9.1	0.62.0-150000.4.9.1	Aug 30, 2022	Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vu
CVE-2020-27778	—	< 0.62.0-4.6.1	0.62.0-4.6.1	Dec 3, 2020	A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.
CVE-2019-14494	—	< 0.62.0-4.6.1	0.62.0-4.6.1	Aug 1, 2019	An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.
CVE-2019-9959	—	< 0.62.0-4.6.1	0.62.0-4.6.1	Jul 22, 2019	The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftoc
CVE-2019-13283	—	< 0.62.0-150000.4.9.1	0.62.0-150000.4.9.1	Jul 4, 2019	In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF do
CVE-2019-10872	—	< 0.62.0-4.6.1	0.62.0-4.6.1	Apr 5, 2019	An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.
CVE-2019-10871	—	< 0.62.0-4.6.1	0.62.0-4.6.1	Apr 5, 2019	An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.
CVE-2019-9903	—	< 0.62.0-4.6.1	0.62.0-4.6.1	Mar 21, 2019	PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.
CVE-2019-9631	—	< 0.62.0-4.6.1	0.62.0-4.6.1	Mar 8, 2019	Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
CVE-2019-9200	—	< 0.62.0-4.6.1	0.62.0-4.6.1	Feb 26, 2019	A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have
CVE-2019-7310	—	< 0.62.0-4.6.1	0.62.0-4.6.1	Feb 3, 2019	In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demons
CVE-2018-20662	—	< 0.62.0-4.6.1	0.62.0-4.6.1	Jan 3, 2019	In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSub
CVE-2018-20650	—	< 0.62.0-4.6.1	0.62.0-4.6.1	Jan 1, 2019	A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.

CVE-2022-38349Aug 22, 2023
affected < 0.62.0-150000.4.25.2fixed 0.62.0-150000.4.25.2
An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.
CVE-2022-37051Aug 22, 2023
affected < 0.62.0-150000.4.25.2fixed 0.62.0-150000.4.25.2
An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.
CVE-2022-37050Aug 22, 2023
affected < 0.62.0-150000.4.25.2fixed 0.62.0-150000.4.25.2
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incom
CVE-2020-23804Aug 22, 2023
affected < 0.62.0-150000.4.25.2fixed 0.62.0-150000.4.25.2
Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.
CVE-2020-36024Aug 11, 2023
affected < 0.62.0-150000.4.25.2fixed 0.62.0-150000.4.25.2
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.
CVE-2023-32700May 20, 2023
affected < 0.62.0-150000.4.12.1fixed 0.62.0-150000.4.12.1
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
CVE-2023-24805May 17, 2023
affected < 0.62.0-150000.4.12.1fixed 0.62.0-150000.4.12.1
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote co
CVE-2022-38784Aug 30, 2022
affected < 0.62.0-150000.4.9.1fixed 0.62.0-150000.4.9.1
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vu
CVE-2020-27778Dec 3, 2020
affected < 0.62.0-4.6.1fixed 0.62.0-4.6.1
A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.
CVE-2019-14494Aug 1, 2019
affected < 0.62.0-4.6.1fixed 0.62.0-4.6.1
An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.
CVE-2019-9959Jul 22, 2019
affected < 0.62.0-4.6.1fixed 0.62.0-4.6.1
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftoc
CVE-2019-13283Jul 4, 2019
affected < 0.62.0-150000.4.9.1fixed 0.62.0-150000.4.9.1
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF do
CVE-2019-10872Apr 5, 2019
affected < 0.62.0-4.6.1fixed 0.62.0-4.6.1
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.
CVE-2019-10871Apr 5, 2019
affected < 0.62.0-4.6.1fixed 0.62.0-4.6.1
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.
CVE-2019-9903Mar 21, 2019
affected < 0.62.0-4.6.1fixed 0.62.0-4.6.1
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.
CVE-2019-9631Mar 8, 2019
affected < 0.62.0-4.6.1fixed 0.62.0-4.6.1
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
CVE-2019-9200Feb 26, 2019
affected < 0.62.0-4.6.1fixed 0.62.0-4.6.1
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have
CVE-2019-7310Feb 3, 2019
affected < 0.62.0-4.6.1fixed 0.62.0-4.6.1
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demons
CVE-2018-20662Jan 3, 2019
affected < 0.62.0-4.6.1fixed 0.62.0-4.6.1
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSub
CVE-2018-20650Jan 1, 2019
affected < 0.62.0-4.6.1fixed 0.62.0-4.6.1
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.

Page 1 of 2