VYPR
Vendor

Poppler (software)

Poppler is a free and open-source software library for rendering Portable Document Format (PDF) documents. Its development is supported by freedesktop.org. Commonly used on Linux systems, it powers the PDF viewers of the GNOME and KDE desktop environments.

Products
2
CVEs
107
Across products
108
Status
Private

Products

2

Recent CVEs

107
View all 107 CVEs →
  • CVE-2017-2820HigJul 12, 2017
    risk 0.58cvss 8.8epss 0.04

    An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary…

  • CVE-2017-15565HigOct 17, 2017
    risk 0.57cvss 8.8epss 0.02

    In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.

  • CVE-2026-10118HigJun 1, 2026
    risk 0.51cvss 7.8epss 0.00

    A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation,…

  • CVE-2017-14617HigSep 20, 2017
    risk 0.51cvss 7.8epss 0.01

    In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.

  • CVE-2017-14520HigSep 17, 2017
    risk 0.51cvss 7.8epss 0.01

    In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files.

  • CVE-2017-14518HigSep 17, 2017
    risk 0.51cvss 7.8epss 0.01

    In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document.

  • CVE-2017-9776HigJun 22, 2017
    risk 0.51cvss 7.8epss 0.02

    Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

  • CVE-2015-8868HigMay 6, 2016
    risk 0.51cvss 7.8epss 0.05

    Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState…

  • CVE-2017-14977HigOct 2, 2017
    risk 0.49cvss 7.5epss 0.02

    The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.

  • CVE-2017-14976HigOct 2, 2017
    risk 0.49cvss 7.5epss 0.03

    The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.

  • CVE-2017-14975HigOct 2, 2017
    risk 0.49cvss 7.5epss 0.02

    The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.

  • CVE-2017-14929HigSep 30, 2017
    risk 0.49cvss 7.5epss 0.01

    In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different…

  • CVE-2017-14519HigSep 17, 2017
    risk 0.49cvss 7.5epss 0.02

    In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop).

  • CVE-2017-2818HigJul 12, 2017
    risk 0.49cvss 7.5epss 0.02

    An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be…

  • CVE-2017-2814HigJul 12, 2017
    risk 0.49cvss 7.5epss 0.03

    An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker…

  • CVE-2017-9775MedJun 22, 2017
    risk 0.43cvss 6.5epss 0.04

    Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.

  • CVE-2018-16646MedSep 6, 2018
    risk 0.42cvss 6.5epss 0.03

    In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.

  • CVE-2018-10768MedMay 6, 2018
    risk 0.42cvss 6.5epss 0.02

    There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.

  • CVE-2025-52885MedOct 10, 2025
    risk 0.40cvss epss 0.00

    Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in versions Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a…

  • CVE-2017-18267MedMay 10, 2018
    risk 0.36cvss 5.5epss 0.02

    The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.