Freedesktop Poppler vulnerabilities

CVE-2025-43718 [LOW] CWE-674 CVE-2025-43718: Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFEVersion) of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated functions in PDFDoc, with deep recursion in the regex e

CVE-2025-50420 [MEDIUM] CWE-674 CVE-2025-50420: An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an inf An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service (DoS).

CVE-2025-52886 [MEDIUM] CWE-416 CVE-2025-52886: Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference co Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue.

CVE-2025-43903 [MEDIUM] CWE-347 CVE-2025-43903: NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

CVE-2025-32365 [MEDIUM] CWE-125 CVE-2025-32365: Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap: Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.

CVE-2025-32364 [MEDIUM] CWE-190 CVE-2025-32364: A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an appl A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.

CVE-2024-56378 [MEDIUM] CWE-125 CVE-2024-56378: libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bit libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.

CVE-2024-6239 [HIGH] CWE-20 CVE-2024-6239: A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter wit A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.

CVE-2020-23804 [HIGH] CWE-674 CVE-2020-23804: Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.

CVE-2022-37050 [MEDIUM] CVE-2022-37050: In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (a In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.

CVE-2020-18839 [MEDIUM] CWE-787 CVE-2020-18839: Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a d Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.

CVE-2022-38349 [MEDIUM] CWE-617 CVE-2022-38349: An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.

CVE-2022-37052 [MEDIUM] CWE-617 CVE-2022-37052: A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of ser A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.

CVE-2022-37051 [MEDIUM] CWE-617 CVE-2022-37051: An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of serv An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.

CVE-2020-36024 [MEDIUM] CWE-476 CVE-2020-36024: An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a d An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.

CVE-2020-36023 [MEDIUM] CWE-835 CVE-2020-36023: An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a d An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function.

CVE-2023-34872 [MEDIUM] CWE-400 CVE-2023-34872: A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denia A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.

CVE-2022-38784 [HIGH] CVE-2022-38784: Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Strea Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.

CVE-2022-38171 [HIGH] CWE-190 CVE-2022-38171: Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextR Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).

CVE-2022-27337 [MEDIUM] CVE-2022-27337: A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.