Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Poppler
(Freedesktop)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 82 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-12-26 | CVE-2018-20481 | XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. | Ubuntu_linux, Debian_linux, Poppler | 6.5 | ||
2018-09-06 | CVE-2018-16646 | In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. | Ubuntu_linux, Debian_linux, Poppler | 6.5 | ||
2018-05-10 | CVE-2017-18267 | The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. | Ubuntu_linux, Debian_linux, Poppler, Ansible_tower, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 5.5 | ||
2020-01-09 | CVE-2012-2142 | The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | Poppler, Opensuse, Enterprise_linux, Xpdf | N/A | ||
2019-11-13 | CVE-2010-4654 | poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. | Debian_linux, Poppler | N/A | ||
2017-06-06 | CVE-2017-7515 | poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. | Poppler | 5.5 | ||
2017-09-30 | CVE-2017-14929 | In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519. | Poppler | 7.5 | ||
2017-09-17 | CVE-2017-14519 | In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). | Poppler | 7.5 | ||
2018-12-28 | CVE-2018-20551 | A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. | Ubuntu_linux, Poppler | 6.5 | ||
2018-11-10 | CVE-2018-19149 | Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. | Ubuntu_linux, Poppler | 6.5 |