Total
88 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16646 | 3 Canonical, Debian, Freedesktop | 3 Ubuntu Linux, Debian Linux, Poppler | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. | |||||
| CVE-2018-13988 | 4 Canonical, Debian, Freedesktop and 1 more | 8 Ubuntu Linux, Debian Linux, Poppler and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file. | |||||
| CVE-2018-10768 | 4 Canonical, Debian, Freedesktop and 1 more | 7 Ubuntu Linux, Debian Linux, Poppler and 4 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected. | |||||
| CVE-2017-18267 | 4 Canonical, Debian, Freedesktop and 1 more | 7 Ubuntu Linux, Debian Linux, Poppler and 4 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. | |||||
| CVE-2017-1000456 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. | |||||
| CVE-2012-2142 | 4 Freedesktop, Opensuse, Redhat and 1 more | 4 Poppler, Opensuse, Enterprise Linux and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | |||||
| CVE-2010-4654 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. | |||||
| CVE-2010-4653 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts. | |||||