Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Poppler
(Freedesktop)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 82 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-03-21 | CVE-2019-9903 | PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. | Ubuntu_linux, Debian_linux, Fedora, Poppler, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus | 6.5 | ||
2019-04-05 | CVE-2019-10871 | An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. | Poppler | 6.5 | ||
2019-04-05 | CVE-2019-10872 | An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. | Poppler | 8.8 | ||
2019-04-05 | CVE-2019-10873 | An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc. | Poppler | 6.5 | ||
2019-04-08 | CVE-2019-11026 | FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc. | Fedora, Poppler | 6.5 | ||
2019-05-23 | CVE-2019-12293 | In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. | Poppler | 8.8 | ||
2019-07-22 | CVE-2019-9959 | The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. | Debian_linux, Fedora, Poppler, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus | 6.5 | ||
2019-08-01 | CVE-2019-14494 | An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. | Ubuntu_linux, Debian_linux, Fedora, Poppler, Enterprise_linux | 7.5 | ||
2018-11-02 | CVE-2018-18897 | An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. | Ubuntu_linux, Debian_linux, Poppler, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 6.5 | ||
2007-07-30 | CVE-2007-3387 | Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. | Cups, Ubuntu_linux, Debian_linux, Poppler, Gpdf, Xpdf | N/A |