Latest freedesktop poppler Vulnerabilities

CVE-2020-18839
Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.
freedesktop poppler=0.75.0
CVE-2020-23804
Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.
ubuntu/poppler<20.09.0-1
ubuntu/poppler<0.62.0-2ubuntu2.14+
ubuntu/poppler<0.86.1-0ubuntu1.4
ubuntu/poppler<0.41.0-0ubuntu1.16+
freedesktop poppler=0.89.0
Debian Debian Linux=10.0
and 3 more
CVE-2022-37051
An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.
ubuntu/poppler<22.08.0-2
ubuntu/poppler<0.62.0-2ubuntu2.14+
ubuntu/poppler<0.86.1-0ubuntu1.4
ubuntu/poppler<22.02.0-2ubuntu0.3
ubuntu/poppler<0.41.0-0ubuntu1.16+
freedesktop poppler=22.07.0
and 4 more
CVE-2022-37050
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandl...
ubuntu/poppler<0.41.0-0ubuntu1.16+
ubuntu/poppler<0.62.0-2ubuntu2.14+
ubuntu/poppler<0.86.1-0ubuntu1.4
ubuntu/poppler<22.02.0-2ubuntu0.3
ubuntu/poppler<22.08.0-2
freedesktop poppler=22.07.0
and 4 more
CVE-2022-38349
An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving a...
freedesktop poppler=22.08.0
=22.08.0
debian/poppler<=0.71.0-5<=0.71.0-5+deb10u3<=20.09.0-3.1+deb11u1
ubuntu/poppler<22.12.0-2
ubuntu/poppler<0.62.0-2ubuntu2.14+
ubuntu/poppler<0.86.1-0ubuntu1.4
and 2 more
CVE-2022-37052
A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.
freedesktop poppler=22.07.0
=22.07.0
debian/poppler<=0.71.0-5<=0.71.0-5+deb10u3<=20.09.0-3.1+deb11u1
ubuntu/poppler<22.08.0-2
ubuntu/poppler<0.62.0-2ubuntu2.14+
ubuntu/poppler<0.86.1-0ubuntu1.4
and 2 more
CVE-2020-36024
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.
ubuntu/poppler<21.01.0
ubuntu/poppler<0.62.0-2ubuntu2.14+
ubuntu/poppler<0.86.1-0ubuntu1.3
ubuntu/poppler<0.41.0-0ubuntu1.16+
freedesktop poppler=20.12.1
=20.12.1
and 1 more
CVE-2020-36023
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function.
ubuntu/poppler<21.01.0
ubuntu/poppler<0.62.0-2ubuntu2.14+
ubuntu/poppler<0.86.1-0ubuntu1.3
ubuntu/poppler<0.41.0-0ubuntu1.16+
freedesktop poppler=20.12.1
=20.12.1
and 1 more
CVE-2023-34872
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
freedesktop poppler<23.06.0
<23.06.0
ubuntu/poppler<23.06.0
ubuntu/poppler<22.02.0-2ubuntu0.2
ubuntu/poppler<22.12.0-2ubuntu1.1
ubuntu/poppler<22.12.0-2ubuntu2
and 1 more
CVE-2022-38784
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image cou...
debian/poppler<=22.08.0-2<=20.09.0-3.1
debian/poppler<=0.71.0-5
freedesktop poppler<=22.08.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Fedora=35
and 2 more
CVE-2022-38171
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to ...
Xpdfreader Xpdf=4.04
freedesktop poppler<22.09.0
CVE-2022-27337
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
=22.03.0
=36
=10.0
=11.0
freedesktop poppler=22.03.0
Fedoraproject Fedora=36
and 5 more
CVE-2021-30860
Apple Multiple Products Integer Overflow Vulnerability
Apple iPadOS<14.8
Apple iPhone OS<12.5.5
Apple iPhone OS>=13.0<14.8
Apple Mac OS X>=10.15<10.15.7
Apple Mac OS X=10.15.7
Apple Mac OS X=10.15.7-security_update_2020
and 16 more
CVE-2020-35702
** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppl...
freedesktop poppler=20.12.1
=20.12.1
CVE-2020-27778
A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' p...
redhat/poppler<0.76.0
freedesktop poppler<0.76.0
Redhat Enterprise Linux=8.0
Debian Debian Linux=10.0
CVE-2012-2142
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
freedesktop poppler<0.21.4
Xpdfreader Xpdf=3.02
Redhat Enterprise Linux=5.0
Redhat Enterprise Linux=6.0
openSUSE openSUSE=12.2
CVE-2018-21009
Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.
redhat/poppler<0.76.0
freedesktop poppler<0.76.0
CVE-2019-14494
An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.
freedesktop poppler<=0.78.0
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.04
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 6 more
CVE-2019-9959
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chu...
freedesktop poppler<=0.78.0
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=29
Fedoraproject Fedora=30
and 12 more
CVE-2019-12293
An issue was discovered in Poppler 0.76.1. There is a heap-based buffer over-read in the function JPXStream::init in JPEG2000Stream.cc. Upstream issue: <a href="https://gitlab.freedesktop.org/poppler...
freedesktop poppler<=0.76.1
redhat/poppler<0.77.0
ubuntu/poppler<0.62.0-2ubuntu2.9
ubuntu/poppler<0.68.0-0ubuntu1.7
ubuntu/poppler<0.74.0-0ubuntu1.2
ubuntu/poppler<0.41.0-0ubuntu1.14
and 1 more
CVE-2019-11026
FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.
freedesktop poppler=0.75.0
Fedoraproject Fedora=28
Fedoraproject Fedora=29
Fedoraproject Fedora=30
CVE-2019-10871
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.
freedesktop poppler=0.74.0
CVE-2019-10872
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.
freedesktop poppler=0.74.0
ubuntu/poppler<0.62.0-2ubuntu2.9
ubuntu/poppler<0.68.0-0ubuntu1.7
ubuntu/poppler<0.74.0-0ubuntu1.2
ubuntu/poppler<0.41.0-0ubuntu1.14
debian/poppler
CVE-2019-10873
An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.
freedesktop poppler=0.74.0
ubuntu/poppler<0.74.0-0ubuntu1.2
debian/poppler
CVE-2019-9903
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing...
freedesktop poppler=0.74.0
Fedoraproject Fedora=28
Fedoraproject Fedora=29
Fedoraproject Fedora=30
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
and 19 more
CVE-2019-9631
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
freedesktop poppler=0.74.0
Fedoraproject Fedora=28
Fedoraproject Fedora=29
Fedoraproject Fedora=30
Debian Debian Linux=8.0
ubuntu/poppler<0.62.0-2ubuntu2.9
and 4 more
CVE-2019-9545
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pd...
freedesktop poppler=0.74.0
CVE-2019-9543
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the...
freedesktop poppler=0.74.0
CVE-2019-9200
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It all...
freedesktop poppler=0.74.0
Debian Debian Linux=8.0
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=18.10
and 6 more
CVE-2019-7310
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash)...
ubuntu/poppler<0.41.0-0ubuntu1.12
ubuntu/poppler<0.62.0-2ubuntu2.7
ubuntu/poppler<0.68.0-0ubuntu1.5
ubuntu/poppler<0.24.5-2ubuntu4.16
=0.73.0
=14.04
and 37 more
CVE-2018-20662
A flaw was found in Poppler 0.72.0. The PDFDoc::setup class in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value fr...
freedesktop poppler=0.72.0
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Fedoraproject Fedora=28
Fedoraproject Fedora=29
Fedoraproject Fedora=30
and 23 more
CVE-2018-20650
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class...
debian/poppler<=0.71.0-5
ubuntu/poppler<0.41.0-0ubuntu1.11
ubuntu/poppler<0.62.0-2ubuntu2.6
ubuntu/poppler<0.68.0-0ubuntu1.4
ubuntu/poppler<0.24.5-2ubuntu4.15
freedesktop poppler=0.72.0
and 21 more
CVE-2018-20551
A flaw was found in Poppler 0.72.0. A reachable Object::getString assertion allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMe...
ubuntu/poppler<0.41.0-0ubuntu1.12
ubuntu/poppler<0.62.0-2ubuntu2.7
ubuntu/poppler<0.68.0-0ubuntu1.5
=0.72.0
=14.04
=16.04
and 8 more
CVE-2018-20481
A flaw was found in Poppler 0.72.0. A NULL pointer dereference in the XRef::getEntry class in XRef.cc file due to the mishandle of unallocated XRef entries. This allows remote attackers to cause a den...
ubuntu/poppler<0.41.0-0ubuntu1.11
ubuntu/poppler<0.62.0-2ubuntu2.6
ubuntu/poppler<0.68.0-0ubuntu1.4
ubuntu/poppler<0.24.5-2ubuntu4.15
=0.72.0
=14.04
and 11 more
CVE-2018-19149
An issue was found in Poppler before 0.70.0. A NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. References: <a href="https://gitlab...
<0.70.0
=14.04
=16.04
=18.04
=18.10
freedesktop poppler<0.70.0
and 9 more
CVE-2018-19058
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded f...
=0.71.0
=14.04
=16.04
=18.04
=18.10
=8.0
and 21 more
CVE-2018-19060
An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an...
=0.71.0
=14.04
=16.04
=18.04
=18.10
freedesktop poppler=0.71.0
and 9 more
CVE-2018-19059
An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded...
=0.71.0
=14.04
=16.04
=18.04
=18.10
freedesktop poppler=0.71.0
and 9 more
CVE-2018-18897
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.
freedesktop poppler=0.71.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=18.10
Canonical Ubuntu Linux=19.04
and 18 more
CVE-2018-16646
A flaw was found in Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. References: <a c...
=0.68.0
=8.0
=14.04
=16.04
=18.04
=18.10
and 11 more
CVE-2018-13988
An out-of-bounds read flaw was found in the Poppler library as demonstrated by pdfunite. This may result in a denial of service or other undefined behavior. This flaw may be exploitable when a victim ...
redhat/poppler<0.67.0
ubuntu/poppler<0.41.0-0ubuntu1.8
ubuntu/poppler<0.62.0-2ubuntu2.2
ubuntu/poppler<0.24.5-2ubuntu4.12
<=0.62.0
=14.04
and 19 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203