Freedesktop Poppler vulnerabilities

CVE-2018-10768 [MEDIUM] CWE-476 CVE-2018-10768: There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubun There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.

CVE-2017-1000456 [HIGH] CWE-119 CVE-2017-1000456: freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to over freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.

CVE-2017-15565 [HIGH] CWE-476 CVE-2017-15565: In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.

CVE-2017-14975 [HIGH] CWE-476 CVE-2017-14975: The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer derefe The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.

CVE-2017-14977 [HIGH] CWE-476 CVE-2017-14977: The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer deref The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.

CVE-2017-14976 [HIGH] CWE-125 CVE-2017-14976: The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer o The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.

CVE-2017-14929 [HIGH] CVE-2017-14929: In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a re In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519.

CVE-2017-14928 [MEDIUM] CWE-476 CVE-2017-14928: In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.

CVE-2017-14927 [MEDIUM] CWE-476 CVE-2017-14927: In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in S In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.

CVE-2017-14926 [MEDIUM] CWE-476 CVE-2017-14926: In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.

CVE-2017-14617 [HIGH] CWE-20 CVE-2017-14617: In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which ma In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.

CVE-2017-14518 [HIGH] CWE-20 CVE-2017-14518: In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document.

CVE-2017-14519 [HIGH] CWE-835 CVE-2017-14519: In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a r In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop).

CVE-2017-14520 [HIGH] CWE-20 CVE-2017-14520: In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files.

CVE-2017-14517 [MEDIUM] CWE-476 CVE-2017-14517: In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc v In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.

CVE-2017-2814 [HIGH] CWE-119 CVE-2017-2814: An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0. An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability.

CVE-2017-2820 [HIGH] CWE-190 CVE-2017-2820: An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicio

CVE-2017-2818 [HIGH] CWE-119 CVE-2017-2818: An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0. An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.

CVE-2017-9865 [MEDIUM] CWE-125 CVE-2017-9865: The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to c The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.

CVE-2017-9776 [HIGH] CWE-190 CVE-2017-9776: Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0 Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.