VYPR

Poppler

by Poppler (software)

Source repositories

CVEs (107)

  • CVE-2017-14928MedSep 30, 2017
    risk 0.36cvss 5.5epss 0.01

    In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.

  • CVE-2017-14927MedSep 30, 2017
    risk 0.36cvss 5.5epss 0.01

    In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.

  • CVE-2017-14926MedSep 30, 2017
    risk 0.36cvss 5.5epss 0.01

    In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.

  • CVE-2017-14517MedSep 17, 2017
    risk 0.36cvss 5.5epss 0.01

    In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.

  • CVE-2017-9865MedJun 25, 2017
    risk 0.36cvss 5.5epss 0.02

    The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.

  • CVE-2017-7511MedMay 30, 2017
    risk 0.36cvss 5.5epss 0.01

    poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.

  • CVE-2025-50422LowAug 4, 2025
    risk 0.19cvss 2.9epss 0.00

    Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c.

  • CVE-2025-43718LowOct 1, 2025
    risk 0.12cvss 2.9epss 0.00

    Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFEVersion) of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup,…

  • CVE-2009-0756Mar 3, 2009
    risk 0.04cvss epss 0.10

    The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory…

  • CVE-2009-0755Mar 3, 2009
    risk 0.04cvss epss 0.11

    The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.

  • CVE-2008-2950Jul 7, 2008
    risk 0.04cvss epss 0.14

    The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document.

  • CVE-2009-3608Oct 21, 2009
    risk 0.01cvss epss 0.10

    Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that…

  • CVE-2009-3606Oct 21, 2009
    risk 0.01cvss epss 0.09

    Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

  • CVE-2009-3604Oct 21, 2009
    risk 0.01cvss epss 0.09

    The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary…

  • CVE-2009-3603Oct 21, 2009
    risk 0.01cvss epss 0.09

    Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are…

  • CVE-2009-1188Apr 23, 2009
    risk 0.01cvss epss 0.07

    Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service…

  • CVE-2009-1187Apr 23, 2009
    risk 0.01cvss epss 0.07

    Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc).

  • CVE-2009-1182Apr 23, 2009
    risk 0.01cvss epss 0.07

    Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

  • CVE-2007-3387Jul 30, 2007
    risk 0.01cvss epss 0.09

    Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted…

  • CVE-2025-59933Sep 29, 2025
    risk 0.00cvss epss 0.00

    libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a…

Page 2 of 6