VYPR

Poppler

by Xorg

CVEs (46)

  • CVE-2017-14926 | Med | Sep 30, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.

  • CVE-2017-14517 | Med | Sep 17, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.

  • CVE-2017-9865 | Med | Jun 25, 2017
    risk 0.36 | cvss 5.5 | epss 0.02

    The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.

  • CVE-2017-7515 | Med | Jun 6, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite, resulting in a potential denial of service.

  • CVE-2017-7511 | Med | May 30, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.

  • CVE-2013-4474 | Nov 23, 2013
    risk 0.04 | cvss | epss 0.10

    Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.

  • CVE-2013-4473 | Nov 23, 2013
    risk 0.01 | cvss | epss 0.07

    Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.

  • CVE-2009-3603 | Oct 21, 2009
    risk 0.01 | cvss | epss 0.09

    Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are…

  • CVE-2007-3387 | Jul 30, 2007
    risk 0.01 | cvss | epss 0.09

    Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted…

  • CVE-2025-50420 | Aug 4, 2025
    risk 0.00 | cvss | epss 0.00

    An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service (DoS).

  • CVE-2025-43903 | Apr 18, 2025
    risk 0.00 | cvss | epss 0.00

    NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

  • CVE-2025-32364 | Apr 5, 2025
    risk 0.00 | cvss | epss 0.00

    A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.

  • CVE-2025-32365 | Apr 5, 2025
    risk 0.00 | cvss | epss 0.00

    Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.

  • CVE-2022-37050 | Aug 22, 2023
    risk 0.00 | cvss | epss 0.01

    In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.cc allows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the…

  • CVE-2020-36024 | Aug 11, 2023
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in freedesktop poppler version 20.12.1 that allows remote attackers to cause a denial of service (DoS) via a crafted .pdf file to the FoFiType1C::convertToType1 function.

  • CVE-2020-36023 | Aug 11, 2023
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in freedesktop poppler version 20.12.1 that allows remote attackers to cause a denial of service (DoS) via a crafted .pdf file to the FoFiType1C::cvtGlyph function.

  • CVE-2012-2142 | Jan 9, 2020
    risk 0.00 | cvss | epss 0.03

    The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.

  • CVE-2019-9903 | Mar 21, 2019
    risk 0.00 | cvss | epss 0.02

    PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.

  • CVE-2010-5110 | Aug 29, 2014
    risk 0.00 | cvss | epss 0.03

    DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

  • CVE-2013-4472 | Apr 22, 2014
    risk 0.00 | cvss | epss 0.00

    The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.