English
Français
Light
Dark
System

Alert System

Stay informed at all times
Create an account Open a free account Login Manage your alerts

freedesktop Poppler 0.26.1

CPE Details

freedesktop Poppler 0.26.1
freedesktop
poppler
0.26.1
2017-07-11 00:41 +00:00
2017-07-11 00:41 +00:00
CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.
Alert management

CPE Name: cpe:2.3:a:freedesktop:poppler:0.26.1:*:*:*:*:*:*:*

Informations

Vendor

freedesktop

Product

poppler

Version

0.26.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-6239 2024-06-21 13:28 +00:00 A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.
7.5
HIGH
CVE-2023-34872 2023-07-30 22:00 +00:00 A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
5.5
MEDIUM
CVE-2022-38784 2022-08-23 22:00 +00:00 Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
7.8
HIGH
CVE-2022-38171 2022-04-17 22:00 +00:00 Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
7.8
HIGH
CVE-2021-30860 2021-08-24 16:49 +00:00 An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
7.8
HIGH
CVE-2020-27778 2020-12-03 15:46 +00:00 A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.
7.5
HIGH
CVE-2018-21009 2019-09-05 01:24 +00:00 Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.
8.8
HIGH
CVE-2019-14494 2019-08-01 14:05 +00:00 An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.
7.5
HIGH
CVE-2019-9959 2019-07-22 12:18 +00:00 The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.
6.5
MEDIUM
CVE-2019-12293 2019-05-23 02:54 +00:00 In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.
8.8
HIGH
CVE-2018-19149 2018-11-10 18:00 +00:00 Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
6.5
MEDIUM
CVE-2018-13988 2018-07-25 21:00 +00:00 Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.
6.5
MEDIUM
CVE-2017-18267 2018-05-10 13:00 +00:00 The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
5.5
MEDIUM
CVE-2018-10768 2018-05-06 21:00 +00:00 There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.
6.5
MEDIUM
CVE-2017-9775 2017-06-22 19:00 +00:00 Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
6.5
MEDIUM
CVE-2017-9776 2017-06-22 19:00 +00:00 Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
7.8
HIGH
CVE-2017-7515 2017-06-06 12:00 +00:00 poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.
5.5
MEDIUM
CVE-2017-7511 2017-05-30 16:00 +00:00 poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.
5.5
MEDIUM

More information
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.