VYPR

Poppler

by Poppler (software)

Source repositories

CVEs (107)

  • CVE-2025-52886Jul 2, 2025
    risk 0.00cvss epss 0.00

    Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue.

  • CVE-2025-43903Apr 18, 2025
    risk 0.00cvss epss 0.00

    NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

  • CVE-2025-32364Apr 5, 2025
    risk 0.00cvss epss 0.00

    A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.

  • CVE-2025-32365Apr 5, 2025
    risk 0.00cvss epss 0.00

    Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.

  • CVE-2024-56378Dec 22, 2024
    risk 0.00cvss epss 0.01

    libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.

  • CVE-2024-6239Jun 21, 2024
    risk 0.00cvss epss 0.01

    A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.

  • CVE-2022-37052Aug 22, 2023
    risk 0.00cvss epss 0.01

    A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.

  • CVE-2022-37050Aug 22, 2023
    risk 0.00cvss epss 0.01

    In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the…

  • CVE-2020-18839Aug 22, 2023
    risk 0.00cvss epss 0.01

    Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.

  • CVE-2022-37051Aug 22, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.

  • CVE-2020-23804Aug 22, 2023
    risk 0.00cvss epss 0.01

    Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.

  • CVE-2022-38349Aug 22, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.

  • CVE-2023-34872Jul 31, 2023
    risk 0.00cvss epss 0.01

    A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.

  • CVE-2022-38784Aug 30, 2022
    risk 0.00cvss epss 0.01

    Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the…

  • CVE-2022-27337May 5, 2022
    risk 0.00cvss epss 0.02

    A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

  • CVE-2020-35702Dec 25, 2020
    risk 0.00cvss epss 0.01

    DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT…

  • CVE-2012-2142Jan 9, 2020
    risk 0.00cvss epss 0.03

    The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.

  • CVE-2010-4654Nov 13, 2019
    risk 0.00cvss epss 0.01

    poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.

  • CVE-2010-4653Nov 13, 2019
    risk 0.00cvss epss 0.02

    An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.

  • CVE-2010-0207Oct 30, 2019
    risk 0.00cvss epss 0.01

    In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers.

Page 3 of 6