rpm package
suse/poppler&distro=SUSE Linux Enterprise Software Development Kit 12 SP5
pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
Vulnerabilities (47)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-18267 | — | < 0.24.4-14.26.1 | 0.24.4-14.26.1 | May 10, 2018 | The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. | ||
| CVE-2018-10768 | — | < 0.24.4-14.16.6 | 0.24.4-14.16.6 | May 6, 2018 | There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected. | ||
| CVE-2017-1000456 | — | < 0.24.4-14.16.6 | 0.24.4-14.16.6 | Jan 2, 2018 | freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. | ||
| CVE-2017-15565 | Hig | 8.8 | < 0.24.4-14.16.6 | 0.24.4-14.16.6 | Oct 17, 2017 | In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. | |
| CVE-2017-14617 | Hig | 7.8 | < 0.24.4-14.16.6 | 0.24.4-14.16.6 | Sep 20, 2017 | In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files. | |
| CVE-2017-14517 | Med | 5.5 | < 0.24.4-14.16.6 | 0.24.4-14.16.6 | Sep 17, 2017 | In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. | |
| CVE-2017-7511 | Med | 5.5 | < 0.24.4-14.44.1 | 0.24.4-14.44.1 | May 30, 2017 | poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents. |
- CVE-2017-18267May 10, 2018affected < 0.24.4-14.26.1fixed 0.24.4-14.26.1
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
- CVE-2018-10768May 6, 2018affected < 0.24.4-14.16.6fixed 0.24.4-14.16.6
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.
- CVE-2017-1000456Jan 2, 2018affected < 0.24.4-14.16.6fixed 0.24.4-14.16.6
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
- affected < 0.24.4-14.16.6fixed 0.24.4-14.16.6
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.
- affected < 0.24.4-14.16.6fixed 0.24.4-14.16.6
In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.
- affected < 0.24.4-14.16.6fixed 0.24.4-14.16.6
In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.
- affected < 0.24.4-14.44.1fixed 0.24.4-14.44.1
poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.
Page 3 of 3