rpm package
suse/poppler&distro=SUSE Enterprise Storage 7.1
pkg:rpm/suse/poppler&distro=SUSE%20Enterprise%20Storage%207.1
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-52885 | Med | — | | < 0.79.0-150200.3.46.1 | 0.79.0-150200.3.46.1 | Oct 10, 2025 | Poppler is a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in Poppler versions prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a |
| CVE-2025-43718 | Low | 2.9 | | < 0.79.0-150200.3.46.1 | 0.79.0-150200.3.46.1 | Oct 1, 2025 | Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFEVersion) of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetada |
| CVE-2025-52886 | | — | | < 0.79.0-150200.3.41.1 | 0.79.0-150200.3.41.1 | Jul 2, 2025 | Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue. |
| CVE-2022-38349 | | — | | < 0.79.0-150200.3.21.2 | 0.79.0-150200.3.21.2 | Aug 22, 2023 | An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, which will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. |
| CVE-2022-37051 | | — | | < 0.79.0-150200.3.21.2 | 0.79.0-150200.3.21.2 | Aug 22, 2023 | An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file. |
| CVE-2022-37050 | | — | | < 0.79.0-150200.3.21.2 | 0.79.0-150200.3.21.2 | Aug 22, 2023 | In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.cc allows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incom |
| CVE-2020-23804 | | — | | < 0.79.0-150200.3.21.2 | 0.79.0-150200.3.21.2 | Aug 22, 2023 | Uncontrolled recursion in pdfinfo and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. |
| CVE-2020-36024 | | — | | < 0.79.0-150200.3.21.2 | 0.79.0-150200.3.21.2 | Aug 11, 2023 | An issue was discovered in freedesktop poppler version 20.12.1 that allows remote attackers to cause a denial of service (DoS) via a crafted .pdf file to the FoFiType1C::convertToType1 function. |
| CVE-2022-38784 | | — | | < 0.79.0-150200.3.8.1 | 0.79.0-150200.3.8.1 | Aug 30, 2022 | Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vu |