Vulnerabilities (CVE)

Filtered by vendor Freedesktop Subscribe
Filtered by product Poppler
Total 82 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-6239 2 Freedesktop, Redhat 2 Poppler, Enterprise Linux 2024-11-12 N/A 7.5 HIGH
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.
CVE-2020-35702 1 Freedesktop 1 Poppler 2024-08-04 6.8 MEDIUM 7.8 HIGH
DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects
CVE-2022-37050 1 Freedesktop 1 Poppler 2024-02-28 N/A 6.5 MEDIUM
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.
CVE-2020-36023 1 Freedesktop 1 Poppler 2024-02-28 N/A 6.5 MEDIUM
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function.
CVE-2020-36024 1 Freedesktop 1 Poppler 2024-02-28 N/A 5.5 MEDIUM
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.
CVE-2020-18839 1 Freedesktop 1 Poppler 2024-02-28 N/A 6.5 MEDIUM
Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.
CVE-2022-37051 1 Freedesktop 1 Poppler 2024-02-28 N/A 6.5 MEDIUM
An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.
CVE-2022-37052 1 Freedesktop 1 Poppler 2024-02-28 N/A 6.5 MEDIUM
A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.
CVE-2022-38349 1 Freedesktop 1 Poppler 2024-02-28 N/A 6.5 MEDIUM
An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.
CVE-2020-23804 1 Freedesktop 1 Poppler 2024-02-28 N/A 7.5 HIGH
Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.
CVE-2023-34872 1 Freedesktop 1 Poppler 2024-02-28 N/A 5.5 MEDIUM
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
CVE-2022-38784 3 Debian, Fedoraproject, Freedesktop 3 Debian Linux, Fedora, Poppler 2024-02-28 N/A 7.8 HIGH
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
CVE-2022-38171 2 Freedesktop, Xpdfreader 2 Poppler, Xpdf 2024-02-28 N/A 7.8 HIGH
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
CVE-2022-27337 3 Debian, Fedoraproject, Freedesktop 3 Debian Linux, Fedora, Poppler 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVE-2021-30860 3 Apple, Freedesktop, Xpdfreader 7 Ipados, Iphone Os, Mac Os X and 4 more 2024-02-28 6.8 MEDIUM 7.8 HIGH
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVE-2020-27778 3 Debian, Freedesktop, Redhat 3 Debian Linux, Poppler, Enterprise Linux 2024-02-28 5.0 MEDIUM 7.5 HIGH
A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.
CVE-2012-2142 4 Freedesktop, Opensuse, Redhat and 1 more 4 Poppler, Opensuse, Enterprise Linux and 1 more 2024-02-28 6.8 MEDIUM 7.8 HIGH
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
CVE-2010-4654 2 Debian, Freedesktop 2 Debian Linux, Poppler 2024-02-28 9.3 HIGH 7.8 HIGH
poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.
CVE-2010-4653 2 Debian, Freedesktop 2 Debian Linux, Poppler 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.
CVE-2019-10871 1 Freedesktop 1 Poppler 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.