Filtered by vendor Freedesktop
Subscriptions
Filtered by product Poppler
Subscriptions
Total
82 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-10873 | 1 Freedesktop | 1 Poppler | 2024-08-04 | N/A |
An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc. | ||||
CVE-2019-10872 | 1 Freedesktop | 1 Poppler | 2024-08-04 | N/A |
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. | ||||
CVE-2019-9959 | 4 Debian, Fedoraproject, Freedesktop and 1 more | 7 Debian Linux, Fedora, Poppler and 4 more | 2024-08-04 | 6.5 Medium |
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. | ||||
CVE-2019-9903 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-08-04 | 6.5 Medium |
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. | ||||
CVE-2019-9631 | 4 Debian, Fedoraproject, Freedesktop and 1 more | 4 Debian Linux, Fedora, Poppler and 1 more | 2024-08-04 | N/A |
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. | ||||
CVE-2019-9545 | 1 Freedesktop | 1 Poppler | 2024-08-04 | N/A |
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero. | ||||
CVE-2019-9543 | 1 Freedesktop | 1 Poppler | 2024-08-04 | N/A |
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit. | ||||
CVE-2019-9200 | 4 Canonical, Debian, Freedesktop and 1 more | 4 Ubuntu Linux, Debian Linux, Poppler and 1 more | 2024-08-04 | N/A |
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | ||||
CVE-2019-7310 | 5 Canonical, Debian, Fedoraproject and 2 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-08-04 | 7.8 High |
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. | ||||
CVE-2020-36023 | 1 Freedesktop | 1 Poppler | 2024-08-04 | 6.5 Medium |
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. | ||||
CVE-2020-36024 | 2 Freedesktop, Redhat | 2 Poppler, Enterprise Linux | 2024-08-04 | 5.5 Medium |
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. | ||||
CVE-2020-35702 | 1 Freedesktop | 1 Poppler | 2024-08-04 | 7.8 High |
DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects | ||||
CVE-2020-27778 | 3 Debian, Freedesktop, Redhat | 3 Debian Linux, Poppler, Enterprise Linux | 2024-08-04 | 7.5 High |
A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service. | ||||
CVE-2020-23804 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-08-04 | 7.5 High |
Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. | ||||
CVE-2020-18839 | 1 Freedesktop | 1 Poppler | 2024-08-04 | 6.5 Medium |
Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service. | ||||
CVE-2021-30860 | 3 Apple, Freedesktop, Xpdfreader | 7 Ipados, Iphone Os, Mac Os X and 4 more | 2024-08-03 | 7.8 High |
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | ||||
CVE-2022-38349 | 1 Freedesktop | 1 Poppler | 2024-08-03 | 6.5 Medium |
An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. | ||||
CVE-2022-37052 | 1 Freedesktop | 1 Poppler | 2024-08-03 | 6.5 Medium |
A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject. | ||||
CVE-2022-37051 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-08-03 | 6.5 Medium |
An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file. | ||||
CVE-2022-37050 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-08-03 | 6.5 Medium |
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662. |