Freedesktop Poppler vulnerabilities

CVE-2021-30860 [HIGH] CWE-190 CVE-2021-30860: An integer overflow was addressed with improved input validation. This issue is fixed in Security Up An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

CVE-2020-35702 [HIGH] CWE-787 CVE-2020-35702: DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafte DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open

CVE-2020-27778 [HIGH] CWE-824 CVE-2020-27778: A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.

CVE-2012-2142 [HIGH] CVE-2012-2142: The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.

CVE-2010-4654 [HIGH] CWE-74 CVE-2010-4654: poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.

CVE-2010-4653 [MEDIUM] CWE-190 CVE-2010-4653: An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts. An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.

CVE-2018-21009 [HIGH] CWE-190 CVE-2018-21009: Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.

CVE-2019-14494 [HIGH] CWE-369 CVE-2019-14494: An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function S An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.

CVE-2019-9959 [MEDIUM] CWE-190 CVE-2019-9959: The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stre The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.

CVE-2019-12293 [HIGH] CWE-125 CVE-2019-12293: In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stre In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.

CVE-2019-11026 [MEDIUM] CWE-674 CVE-2019-11026: FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a cal FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.

CVE-2019-10872 [HIGH] CWE-125 CVE-2019-10872: An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Sp An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.

CVE-2019-10871 [MEDIUM] CWE-125 CVE-2019-10871: An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PS An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.

CVE-2019-10873 [MEDIUM] CWE-476 CVE-2019-10873: An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function Splas An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.

CVE-2019-9903 [MEDIUM] CWE-787 CVE-2019-9903: PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumpt PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.

CVE-2019-9631 [CRITICAL] CWE-125 CVE-2019-9631: Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.

CVE-2019-9543 [HIGH] CWE-674 CVE-2019-9543: An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBit An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JA

CVE-2019-9545 [HIGH] CWE-674 CVE-2019-9545: An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bi

CVE-2019-9200 [HIGH] CWE-787 CVE-2019-9200: A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74 A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

CVE-2019-7310 [HIGH] CWE-125 CVE-2019-7310: In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::ge In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.