Freedesktop Poppler vulnerabilities
157 known vulnerabilities affecting freedesktop/poppler.
Total CVEs
157
CISA KEV
1
actively exploited
Public exploits
4
Exploited in wild
1
Severity breakdown
CRITICAL9HIGH52MEDIUM92LOW4
Vulnerabilities
Page 5 of 8
CVE-2019-10873P4MEDIUMCVSS 6.5v0.74.02019-04-05
CVE-2019-10873 [MEDIUM] CWE-476 CVE-2019-10873: An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function Splas
An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.
nvdosv
CVE-2019-12360P4HIGHCVSS 7.1≥ 0, < 0.38.0-22019-05-27
CVE-2019-12360 [HIGH] CVE-2019-12360: A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType
A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.
osv
CVE-2019-10871P4MEDIUMCVSS 6.5v0.74.02019-04-05
CVE-2019-10871 [MEDIUM] CWE-125 CVE-2019-10871: An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PS
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.
nvdosv
CVE-2019-9903P4MEDIUMCVSS 6.5v0.74.02019-03-21
CVE-2019-9903 [MEDIUM] CWE-787 CVE-2019-9903: PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumpt
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.
nvdosv
CVE-2025-32365P4HIGHCVSS 7.1fixed in 25.04.02025-04-05
CVE-2025-32365 [HIGH] CWE-125 CVE-2025-32365: Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap:
Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.
nvdosv
CVE-2022-37050P4MEDIUMCVSS 6.5v22.07.02023-08-22
CVE-2022-37050 [MEDIUM] CVE-2022-37050: In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (a
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.
nvdosv
CVE-2005-3191P4MEDIUMCVSS 5.1≥ 0, < 0.4.2-1.12005-12-07
CVE-2005-3191 [MEDIUM] CVE-2005-3191: Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing c
Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) l
osv
CVE-2005-3193P4MEDIUMCVSS 5.1≥ 0, < 0.4.2-1.12005-12-07
CVE-2005-3193 [MEDIUM] CVE-2005-3193: Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream
Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code
osv
CVE-2025-52885P4MEDIUMCVSS 6.1≥ 0, < 25.03.0-11.12025-10-10
CVE-2025-52885 [MEDIUM] CVE-2025-52885: Poppler ia a library for rendering PDF files, and examining or modifying their structure
Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in versions Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a `std::vector`, which can lead to dangling pointers when the vector is resized. The vulnerab
osv
CVE-2017-9775P4MEDIUMCVSS 6.5≤ 0.55.02017-06-22
CVE-2017-9775 [MEDIUM] CWE-119 CVE-2017-9775: Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to
Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
nvdosv
CVE-2018-20481P4MEDIUMCVSS 6.5v0.72.02018-12-26
CVE-2018-20481 [MEDIUM] CWE-476 CVE-2018-20481: XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.
nvdosv
CVE-2019-12515P4HIGHCVSS 7.1≥ 0, < 0.41.0-0ubuntu1.13≥ 0, < 0.62.0-2ubuntu2.82019-06-02
CVE-2019-12515 [HIGH] CVE-2019-12515: There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream
There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a denial of service.
osv
CVE-2018-10768P4MEDIUMCVSS 6.5fixed in 0.41.02018-05-06
CVE-2018-10768 [MEDIUM] CWE-476 CVE-2018-10768: There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubun
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.
nvdosv
CVE-2018-19059P4MEDIUMCVSS 6.5v0.71.02018-11-07
CVE-2018-19059 [MEDIUM] CWE-125 CVE-2018-19059: An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSp
An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.
nvdosv
CVE-2022-37051P4MEDIUMCVSS 6.5v22.07.02023-08-22
CVE-2022-37051 [MEDIUM] CWE-617 CVE-2022-37051: An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of serv
An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.
nvdosv
CVE-2022-38349P4MEDIUMCVSS 6.5v22.08.02023-08-22
CVE-2022-38349 [MEDIUM] CWE-617 CVE-2022-38349: An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to
An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.
nvdosv
CVE-2020-18839P4MEDIUMCVSS 6.5v0.75.02023-08-22
CVE-2020-18839 [MEDIUM] CWE-787 CVE-2020-18839: Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a d
Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.
nvdosv
CVE-2019-13288P4MEDIUMCVSS 6.5≥ 0, < 0.41.0-0ubuntu1.14≥ 0, < 0.62.0-2ubuntu2.92019-07-04
CVE-2019-13288 [MEDIUM] CVE-2019-13288: In Xpdf 4
In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.
osv
CVE-2018-19149P4MEDIUMCVSS 6.5fixed in 0.70.02018-11-10
CVE-2018-19149 [MEDIUM] CWE-476 CVE-2018-19149: Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from pop
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
nvdosv
CVE-2018-20650P4MEDIUMCVSS 6.5v0.72.02019-01-01
CVE-2018-20650 [MEDIUM] CWE-20 CVE-2018-20650: A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of ser
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.
nvdosv