rpm package
suse/poppler&distro=SUSE Linux Enterprise Server 15 SP1-LTSS
pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS
Vulnerabilities (30)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-20551 | — | | | < 0.62.0-4.6.1 | 0.62.0-4.6.1 | Dec 28, 2018 | A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. |
| CVE-2018-20481 | — | | | < 0.62.0-4.6.1 | 0.62.0-4.6.1 | Dec 26, 2018 | XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. |
| CVE-2018-19149 | — | | | < 0.62.0-4.6.1 | 0.62.0-4.6.1 | Nov 10, 2018 | Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. |
| CVE-2018-19060 | — | | | < 0.62.0-4.6.1 | 0.62.0-4.6.1 | Nov 7, 2018 | An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path. |
| CVE-2018-19059 | — | | | < 0.62.0-4.6.1 | 0.62.0-4.6.1 | Nov 7, 2018 | An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts. |
| CVE-2018-19058 | — | | | < 0.62.0-4.6.1 | 0.62.0-4.6.1 | Nov 7, 2018 | An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file. |
| CVE-2018-18897 | — | | | < 0.62.0-4.6.1 | 0.62.0-4.6.1 | Nov 2, 2018 | An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. |
| CVE-2018-16646 | — | | | < 0.62.0-4.6.1 | 0.62.0-4.6.1 | Sep 6, 2018 | In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. |
| CVE-2018-13988 | — | | | < 0.62.0-4.6.1 | 0.62.0-4.6.1 | Jul 25, 2018 | Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a speci |
| CVE-2017-18267 | — | | | < 0.62.0-4.6.1 | 0.62.0-4.6.1 | May 10, 2018 | The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. |