rpm package
suse/poppler&distro=SUSE Linux Enterprise Module for Basesystem 15 SP5
pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5
Vulnerabilities (13)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-6239 | — | | | < 23.01.0-150500.3.11.1 | 23.01.0-150500.3.11.1 | Jun 21, 2024 | A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. |
| CVE-2024-4141 | — | | | < 23.01.0-150500.3.8.1 | 23.01.0-150500.3.8.1 | Apr 24, 2024 | Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers. |
| CVE-2022-38349 | — | | | < 0.79.0-150200.3.21.2 | 0.79.0-150200.3.21.2 | Aug 22, 2023 | An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. |
| CVE-2022-37052 | — | | | < 0.79.0-150200.3.26.1 | 0.79.0-150200.3.26.1 | Aug 22, 2023 | A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject. |
| CVE-2022-37051 | — | | | < 0.79.0-150200.3.21.2 | 0.79.0-150200.3.21.2 | Aug 22, 2023 | An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file. |
| CVE-2022-37050 | — | | | < 0.79.0-150200.3.21.2 | 0.79.0-150200.3.21.2 | Aug 22, 2023 | In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.cc allows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incom |
| CVE-2020-23804 | — | | | < 0.79.0-150200.3.21.2 | 0.79.0-150200.3.21.2 | Aug 22, 2023 | Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. |
| CVE-2020-36024 | — | | | < 0.79.0-150200.3.21.2 | 0.79.0-150200.3.21.2 | Aug 11, 2023 | An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. |
| CVE-2020-36023 | — | | | < 0.79.0-150200.3.26.1 | 0.79.0-150200.3.26.1 | Aug 11, 2023 | An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. |
| CVE-2023-34872 | — | | | < 23.01.0-150500.3.5.2 | 23.01.0-150500.3.5.2 | Jul 31, 2023 | A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. |
| CVE-2022-27337 | — | | | < 0.79.0-150200.3.11.1 | 0.79.0-150200.3.11.1 | May 5, 2022 | A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. |
| CVE-2019-16115 | — | | | < 0.79.0-150200.3.14.1 | 0.79.0-150200.3.14.1 | Sep 8, 2019 | In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted P |
| CVE-2019-9545 | — | | | < 0.79.0-150200.3.26.1 | 0.79.0-150200.3.26.1 | Mar 1, 2019 | An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation f |