Filtered by vendor Freedesktop
Subscriptions
Filtered by product Poppler
Subscriptions
Total
82 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-6239 | 2 Freedesktop, Redhat | 2 Poppler, Enterprise Linux | 2024-09-18 | 7.5 High |
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. | ||||
CVE-2017-2818 | 1 Freedesktop | 1 Poppler | 2024-09-17 | N/A |
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability. | ||||
CVE-2022-38784 | 4 Debian, Fedoraproject, Freedesktop and 1 more | 4 Debian Linux, Fedora, Poppler and 1 more | 2024-09-17 | 7.8 High |
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. | ||||
CVE-2013-1789 | 1 Freedesktop | 1 Poppler | 2024-09-16 | N/A |
splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions. | ||||
CVE-2017-2814 | 1 Freedesktop | 1 Poppler | 2024-09-16 | N/A |
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability. | ||||
CVE-2022-38171 | 2 Freedesktop, Xpdfreader | 2 Poppler, Xpdf | 2024-09-16 | 7.8 High |
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics). | ||||
CVE-2017-14617 | 1 Freedesktop | 1 Poppler | 2024-09-16 | N/A |
In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files. | ||||
CVE-2017-2820 | 1 Freedesktop | 1 Poppler | 2024-09-16 | 8.8 High |
An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library. | ||||
CVE-2007-3387 | 7 Apple, Canonical, Debian and 4 more | 7 Cups, Ubuntu Linux, Debian Linux and 4 more | 2024-08-07 | N/A |
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. | ||||
CVE-2010-5110 | 1 Freedesktop | 1 Poppler | 2024-08-07 | N/A |
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file. | ||||
CVE-2010-4654 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-08-07 | 7.8 High |
poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. | ||||
CVE-2010-4653 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-08-07 | 6.5 Medium |
An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts. | ||||
CVE-2010-3702 | 9 Apple, Canonical, Debian and 6 more | 12 Cups, Ubuntu Linux, Debian Linux and 9 more | 2024-08-07 | N/A |
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. | ||||
CVE-2012-2142 | 4 Freedesktop, Opensuse, Redhat and 1 more | 4 Poppler, Opensuse, Enterprise Linux and 1 more | 2024-08-06 | 7.8 High |
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | ||||
CVE-2013-7296 | 1 Freedesktop | 1 Poppler | 2024-08-06 | N/A |
The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file. | ||||
CVE-2013-4472 | 1 Freedesktop | 1 Poppler | 2024-08-06 | N/A |
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | ||||
CVE-2013-4473 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2024-08-06 | N/A |
Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename. | ||||
CVE-2013-4474 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2024-08-06 | N/A |
Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename. | ||||
CVE-2013-1788 | 1 Freedesktop | 1 Poppler | 2024-08-06 | N/A |
poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc. | ||||
CVE-2013-1790 | 1 Freedesktop | 1 Poppler | 2024-08-06 | N/A |
poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function. |