Freedesktop Poppler vulnerabilities
157 known vulnerabilities affecting freedesktop/poppler.
Total CVEs: 157
CISA KEV: 1 (actively exploited)
Public exploits: 4
Exploited in wild: 1
Severity breakdown: CRITICAL 9, HIGH 52, MEDIUM 92, LOW 4
Vulnerabilities
Page 6 of 8
CVE-2018-19058 | P4 MEDIUM | CVSS 6.5 | CWE-670 | affected: v0.71.0 | published: 2018-11-07
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, which will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
Sources: nvd, osv
CVE-2018-19060 | P4 MEDIUM | CVSS 6.5 | CWE-476 | affected: v0.71.0 | published: 2018-11-07
An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, which will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.
Sources: nvd, osv
CVE-2022-27337 | P4 MEDIUM | CVSS 6.5 | affected: v22.03.0 | published: 2022-05-05
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Sources: nvd, osv
CVE-2020-36023 | P4 MEDIUM | CVSS 6.5 | CWE-835 | affected: v20.12.1 | published: 2023-08-11
An issue was discovered in freedesktop poppler version 20.12.1, which allows remote attackers to cause a denial of service (DoS) via a crafted .pdf file passed to the FoFiType1C::cvtGlyph function.
Sources: nvd, osv
CVE-2018-18897 | P4 MEDIUM | CVSS 6.5 | CWE-772 | affected: v0.71.0 | published: 2018-11-02
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.
Sources: nvd, osv
CVE-2019-11026 | P4 MEDIUM | CVSS 6.5 | CWE-674 | affected: v0.75.0 | published: 2019-04-08
FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.
Sources: nvd, osv
CVE-2022-37052 | P4 MEDIUM | CVSS 6.5 | CWE-617 | affected: v22.07.0 | published: 2023-08-22
A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.
Sources: nvd, osv
CVE-2025-50420 | P4 MEDIUM | CVSS 6.5 | CWE-674 | fixed in 25.07.0 | published: 2025-08-04
An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service (DoS).
Sources: nvd, osv
CVE-2019-13286 | P4 MEDIUM | CVSS 5.5 | affected: ≥ 0, < 0.41.0-0ubuntu1.14; ≥ 0, < 0.62.0-2ubuntu2.9 | published: 2019-07-04
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure.
Sources: osv
CVE-2018-20662 | P4 MEDIUM | CVSS 6.5 | CWE-20 | affected: v0.72.0 | published: 2019-01-03
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.
Sources: nvd, osv
CVE-2018-20551 | P4 MEDIUM | CVSS 6.5 | CWE-20 | affected: v0.72.0 | published: 2018-12-28
A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.
Sources: nvd, osv
CVE-2017-9083 | P4 MEDIUM | CVSS 6.5 | CWE-476 | affected: v0.54.0 | published: 2017-05-19
poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.
Sources: nvd
CVE-2019-13287 | P4 MEDIUM | CVSS 5.5 | affected: ≥ 0, < 0.41.0-0ubuntu1.14; ≥ 0, < 0.62.0-2ubuntu2.9 | published: 2019-07-04
In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. This is related to CVE-2018-16368.
Sources: osv
CVE-2019-13291 | P4 MEDIUM | CVSS 5.5 | affected: ≥ 0, < 0.41.0-0ubuntu1.14; ≥ 0, < 0.62.0-2ubuntu2.9 | published: 2019-07-04
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure.
Sources: osv
CVE-2017-9408 | P4 MEDIUM | CVSS 6.5 | CWE-772 | affected: v0.54.0 | published: 2017-06-02
In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.
Sources: nvd, osv
CVE-2017-9406 | P4 MEDIUM | CVSS 6.5 | CWE-772 | affected: v0.54.0 | published: 2017-06-02
In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.
Sources: nvd, osv
CVE-2017-9865 | P4 MEDIUM | CVSS 5.5 | CWE-125 | affected: v0.54.0 | published: 2017-06-25
The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.
Sources: nvd, osv
CVE-2013-1789 | P4 MEDIUM | CVSS 4.3 | affected: ≤ 0.22.0 | published: 2013-04-09
splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions.
Sources: nvd
CVE-2009-3609 | P4 MEDIUM | CVSS 4.3 | affected: ≥ 0, < 0.12.2-1 | published: 2009-10-21
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.
Sources: osv
CVE-2009-0799 | P4 MEDIUM | CVSS 4.3 | affected: ≥ 0, < 0.10.6-1 | published: 2009-04-23
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.
Sources: osv