Product:

Poppler

(Freedesktop)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 82
Date Id Summary Products Score Patch Annotated
2018-12-26 CVE-2018-20481 XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. Ubuntu_linux, Debian_linux, Poppler 6.5
2018-09-06 CVE-2018-16646 In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. Ubuntu_linux, Debian_linux, Poppler 6.5
2018-05-10 CVE-2017-18267 The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. Ubuntu_linux, Debian_linux, Poppler, Ansible_tower, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 5.5
2020-01-09 CVE-2012-2142 The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. Poppler, Opensuse, Enterprise_linux, Xpdf N/A
2019-11-13 CVE-2010-4654 poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. Debian_linux, Poppler N/A
2017-06-06 CVE-2017-7515 poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. Poppler 5.5
2017-09-30 CVE-2017-14929 In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519. Poppler 7.5
2017-09-17 CVE-2017-14519 In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). Poppler 7.5
2018-12-28 CVE-2018-20551 A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. Ubuntu_linux, Poppler 6.5
2018-11-10 CVE-2018-19149 Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. Ubuntu_linux, Poppler 6.5