VYPR

Vendor CVEs

Poppler (software)

All CVEs

107 total · sorted by risk
  • CVE-2017-2820HigJul 12, 2017
    risk 0.58cvss 8.8epss 0.04

    An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary…

  • CVE-2017-15565HigOct 17, 2017
    risk 0.57cvss 8.8epss 0.02

    In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.

  • CVE-2026-10118HigJun 1, 2026
    risk 0.51cvss 7.8epss 0.00

    A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation,…

  • CVE-2017-14617HigSep 20, 2017
    risk 0.51cvss 7.8epss 0.01

    In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.

  • CVE-2017-14520HigSep 17, 2017
    risk 0.51cvss 7.8epss 0.01

    In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files.

  • CVE-2017-14518HigSep 17, 2017
    risk 0.51cvss 7.8epss 0.01

    In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document.

  • CVE-2017-9776HigJun 22, 2017
    risk 0.51cvss 7.8epss 0.02

    Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

  • CVE-2015-8868HigMay 6, 2016
    risk 0.51cvss 7.8epss 0.05

    Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState…

  • CVE-2017-14977HigOct 2, 2017
    risk 0.49cvss 7.5epss 0.02

    The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.

  • CVE-2017-14976HigOct 2, 2017
    risk 0.49cvss 7.5epss 0.03

    The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.

  • CVE-2017-14975HigOct 2, 2017
    risk 0.49cvss 7.5epss 0.02

    The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.

  • CVE-2017-14929HigSep 30, 2017
    risk 0.49cvss 7.5epss 0.01

    In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different…

  • CVE-2017-14519HigSep 17, 2017
    risk 0.49cvss 7.5epss 0.02

    In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop).

  • CVE-2017-2818HigJul 12, 2017
    risk 0.49cvss 7.5epss 0.02

    An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be…

  • CVE-2017-2814HigJul 12, 2017
    risk 0.49cvss 7.5epss 0.03

    An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker…

  • CVE-2017-9775MedJun 22, 2017
    risk 0.43cvss 6.5epss 0.04

    Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.

  • CVE-2018-16646MedSep 6, 2018
    risk 0.42cvss 6.5epss 0.03

    In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.

  • CVE-2018-10768MedMay 6, 2018
    risk 0.42cvss 6.5epss 0.02

    There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.

  • CVE-2025-52885MedOct 10, 2025
    risk 0.40cvss epss 0.00

    Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in versions Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a…

  • CVE-2017-18267MedMay 10, 2018
    risk 0.36cvss 5.5epss 0.02

    The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.

  • CVE-2017-14928MedSep 30, 2017
    risk 0.36cvss 5.5epss 0.01

    In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.

  • CVE-2017-14927MedSep 30, 2017
    risk 0.36cvss 5.5epss 0.01

    In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.

  • CVE-2017-14926MedSep 30, 2017
    risk 0.36cvss 5.5epss 0.01

    In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.

  • CVE-2017-14517MedSep 17, 2017
    risk 0.36cvss 5.5epss 0.01

    In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.

  • CVE-2017-9865MedJun 25, 2017
    risk 0.36cvss 5.5epss 0.02

    The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.

  • CVE-2017-7511MedMay 30, 2017
    risk 0.36cvss 5.5epss 0.01

    poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.

  • CVE-2025-50422LowAug 4, 2025
    risk 0.19cvss 2.9epss 0.00

    Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c.

  • CVE-2025-43718LowOct 1, 2025
    risk 0.12cvss 2.9epss 0.00

    Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFEVersion) of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup,…

  • CVE-2009-0756Mar 3, 2009
    risk 0.04cvss epss 0.10

    The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory…

  • CVE-2009-0755Mar 3, 2009
    risk 0.04cvss epss 0.11

    The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.

  • CVE-2008-2950Jul 7, 2008
    risk 0.04cvss epss 0.14

    The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document.

  • CVE-2009-3608Oct 21, 2009
    risk 0.01cvss epss 0.10

    Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that…

  • CVE-2009-3606Oct 21, 2009
    risk 0.01cvss epss 0.09

    Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

  • CVE-2009-3604Oct 21, 2009
    risk 0.01cvss epss 0.09

    The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary…

  • CVE-2009-3603Oct 21, 2009
    risk 0.01cvss epss 0.09

    Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are…

  • CVE-2009-1188Apr 23, 2009
    risk 0.01cvss epss 0.07

    Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service…

  • CVE-2009-1187Apr 23, 2009
    risk 0.01cvss epss 0.07

    Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc).

  • CVE-2009-1182Apr 23, 2009
    risk 0.01cvss epss 0.07

    Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

  • CVE-2007-3387Jul 30, 2007
    risk 0.01cvss epss 0.09

    Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted…

  • CVE-2025-59933Sep 29, 2025
    risk 0.00cvss epss 0.00

    libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a…

  • CVE-2025-52886Jul 2, 2025
    risk 0.00cvss epss 0.00

    Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue.

  • CVE-2025-43903Apr 18, 2025
    risk 0.00cvss epss 0.00

    NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

  • CVE-2025-32364Apr 5, 2025
    risk 0.00cvss epss 0.00

    A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.

  • CVE-2025-32365Apr 5, 2025
    risk 0.00cvss epss 0.00

    Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.

  • CVE-2024-56378Dec 22, 2024
    risk 0.00cvss epss 0.01

    libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.

  • CVE-2024-6239Jun 21, 2024
    risk 0.00cvss epss 0.01

    A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.

  • CVE-2022-37051Aug 22, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.

  • CVE-2022-37052Aug 22, 2023
    risk 0.00cvss epss 0.01

    A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.

  • CVE-2020-23804Aug 22, 2023
    risk 0.00cvss epss 0.01

    Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.

  • CVE-2020-18839Aug 22, 2023
    risk 0.00cvss epss 0.01

    Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.

Page 1 of 3