freedesktop poppler 0.74.0

CPE Details

freedesktop poppler 0.74.0
0.74.0
2019-02-27
12h41 +00:00
2019-02-27
12h41 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:freedesktop:poppler:0.74.0:*:*:*:*:*:*:*

Informations

Vendor

freedesktop

Product

poppler

Version

0.74.0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-6239 2024-06-21 13h28 +00:00 A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.
7.5
Haute
CVE-2023-34872 2023-07-30 22h00 +00:00 A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
5.5
Moyen
CVE-2022-38784 2022-08-30 02h58 +00:00 Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
7.8
Haute
CVE-2022-38171 2022-08-22 18h33 +00:00 Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
7.8
Haute
CVE-2021-30860 2021-08-24 18h49 +00:00 An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
7.8
Haute
CVE-2020-27778 2020-12-03 15h46 +00:00 A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.
7.5
Haute
CVE-2018-21009 2019-09-05 01h24 +00:00 Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.
8.8
Haute
CVE-2019-14494 2019-08-01 14h05 +00:00 An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.
7.5
Haute
CVE-2019-9959 2019-07-22 12h18 +00:00 The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.
6.5
Moyen
CVE-2019-12293 2019-05-23 02h54 +00:00 In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.
8.8
Haute
CVE-2019-10873 2019-04-05 01h17 +00:00 An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.
6.5
Moyen
CVE-2019-10872 2019-04-05 01h16 +00:00 An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.
8.8
Haute
CVE-2019-10871 2019-04-05 01h16 +00:00 An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.
6.5
Moyen
CVE-2019-9903 2019-03-21 16h42 +00:00 PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.
6.5
Moyen
CVE-2019-9631 2019-03-08 04h00 +00:00 Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
9.8
Critique
CVE-2019-9543 2019-03-01 18h00 +00:00 An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit.
8.8
Haute
CVE-2019-9545 2019-03-01 18h00 +00:00 An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.
8.8
Haute
CVE-2019-9200 2019-02-26 22h00 +00:00 A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
8.8
Haute