VYPR

Vendor CVEs

Poppler (software)

All CVEs

107 total · sorted by risk
  • CVE-2020-18839Aug 22, 2023
    risk 0.00cvss epss 0.01

    Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.

  • CVE-2022-37050Aug 22, 2023
    risk 0.00cvss epss 0.01

    In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the…

  • CVE-2023-34872Jul 31, 2023
    risk 0.00cvss epss 0.01

    A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.

  • CVE-2022-38784Aug 30, 2022
    risk 0.00cvss epss 0.01

    Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the…

  • CVE-2022-27337May 5, 2022
    risk 0.00cvss epss 0.02

    A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

  • CVE-2020-35702Dec 25, 2020
    risk 0.00cvss epss 0.01

    DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT…

  • CVE-2012-2142Jan 9, 2020
    risk 0.00cvss epss 0.03

    The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.

  • CVE-2010-4654Nov 13, 2019
    risk 0.00cvss epss 0.01

    poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.

  • CVE-2010-4653Nov 13, 2019
    risk 0.00cvss epss 0.02

    An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.

  • CVE-2010-0207Oct 30, 2019
    risk 0.00cvss epss 0.01

    In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers.

  • CVE-2018-21009Sep 5, 2019
    risk 0.00cvss epss 0.02

    Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.

  • CVE-2019-14494Aug 1, 2019
    risk 0.00cvss epss 0.03

    An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.

  • CVE-2019-9959Jul 22, 2019
    risk 0.00cvss epss 0.02

    The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by…

  • CVE-2019-12293May 23, 2019
    risk 0.00cvss epss 0.03

    In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.

  • CVE-2019-11026Apr 8, 2019
    risk 0.00cvss epss 0.02

    FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.

  • CVE-2019-10873Apr 5, 2019
    risk 0.00cvss epss 0.03

    An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.

  • CVE-2019-10872Apr 5, 2019
    risk 0.00cvss epss 0.03

    An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.

  • CVE-2019-10871Apr 5, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.

  • CVE-2019-9903Mar 21, 2019
    risk 0.00cvss epss 0.02

    PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.

  • CVE-2019-9631Mar 8, 2019
    risk 0.00cvss epss 0.04

    Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.

  • CVE-2019-9543Mar 1, 2019
    risk 0.00cvss epss 0.03

    An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service…

  • CVE-2019-9545Mar 1, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation…

  • CVE-2019-9200Feb 26, 2019
    risk 0.00cvss epss 0.03

    A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly…

  • CVE-2019-7310Feb 3, 2019
    risk 0.00cvss epss 0.02

    In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as…

  • CVE-2018-20662Jan 3, 2019
    risk 0.00cvss epss 0.02

    In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during…

  • CVE-2018-20650Jan 1, 2019
    risk 0.00cvss epss 0.03

    A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.

  • CVE-2018-20551Dec 28, 2018
    risk 0.00cvss epss 0.02

    A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.

  • CVE-2018-20481Dec 26, 2018
    risk 0.00cvss epss 0.03

    XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.

  • CVE-2018-19149Nov 10, 2018
    risk 0.00cvss epss 0.03

    Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.

  • CVE-2018-19059Nov 7, 2018
    risk 0.00cvss epss 0.02

    An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.

  • CVE-2018-19060Nov 7, 2018
    risk 0.00cvss epss 0.02

    An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.

  • CVE-2018-19058Nov 7, 2018
    risk 0.00cvss epss 0.02

    An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.

  • CVE-2018-18897Nov 2, 2018
    risk 0.00cvss epss 0.02

    An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.

  • CVE-2018-13988MedJul 25, 2018
    risk 0.00cvss 6.5epss 0.03

    Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a…

  • CVE-2013-7296Jan 26, 2014
    risk 0.00cvss epss 0.02

    The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file.

  • CVE-2013-1789Apr 9, 2013
    risk 0.00cvss epss 0.02

    splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions.

  • CVE-2010-3704Nov 5, 2010
    risk 0.00cvss epss 0.04

    The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly…

  • CVE-2010-3703Nov 5, 2010
    risk 0.00cvss epss 0.03

    The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that…

  • CVE-2010-3702Nov 5, 2010
    risk 0.00cvss epss 0.03

    The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an…

  • CVE-2009-3938Nov 13, 2009
    risk 0.00cvss epss 0.05

    Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev.cc in Poppler (aka libpoppler) 0.10.6, 0.12.0, and possibly other versions, as used by the Abiword pdftoabw utility, allows user-assisted remote attackers to cause a denial of service and possibly…

  • CVE-2009-3605Nov 2, 2009
    risk 0.00cvss epss 0.04

    Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4)…

  • CVE-2009-3609Oct 21, 2009
    risk 0.00cvss epss 0.04

    Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that…

  • CVE-2009-3607Oct 21, 2009
    risk 0.00cvss epss 0.06

    Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer…

  • CVE-2009-0791Jun 9, 2009
    risk 0.00cvss epss 0.06

    Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted…

  • CVE-2009-1183Apr 23, 2009
    risk 0.00cvss epss 0.04

    The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.

  • CVE-2009-1181Apr 23, 2009
    risk 0.00cvss epss 0.04

    The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.

  • CVE-2009-1180Apr 23, 2009
    risk 0.00cvss epss 0.05

    The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.

  • CVE-2009-1179Apr 23, 2009
    risk 0.00cvss epss 0.06

    Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.

  • CVE-2009-0800Apr 23, 2009
    risk 0.00cvss epss 0.05

    Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

  • CVE-2009-0799Apr 23, 2009
    risk 0.00cvss epss 0.04

    The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.