Freedesktop Poppler vulnerabilities

CVE-2017-9775 [MEDIUM] CWE-119 CVE-2017-9775: Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.

CVE-2017-7515 [MEDIUM] CWE-674 CVE-2017-7515: poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.

CVE-2017-9408 [MEDIUM] CWE-772 CVE-2017-9408: In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.

CVE-2017-9406 [MEDIUM] CWE-772 CVE-2017-9406: In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which a In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.

CVE-2017-7511 [MEDIUM] CWE-476 CVE-2017-7511: poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered b poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.

CVE-2017-9083 [MEDIUM] CWE-476 CVE-2017-9083: poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStrea poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.

CVE-2015-8868 [HIGH] CWE-119 CVE-2015-8868: Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler befor Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.

CVE-2010-5110 [MEDIUM] CWE-20 CVE-2010-5110: DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) v DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

CVE-2013-4472 [LOW] CWE-59 CVE-2013-4472: The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

CVE-2013-7296 [MEDIUM] CWE-119 CVE-2013-7296: The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the cor The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file.

CVE-2013-4473 [HIGH] CWE-119 CVE-2013-4473: Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0 Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.

CVE-2013-4474 [MEDIUM] CWE-20 CVE-2013-4474: Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0 Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.

CVE-2013-1788 [MEDIUM] CWE-119 CVE-2013-1788: poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and po poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.

CVE-2013-1790 [MEDIUM] CWE-119 CVE-2013-1790: poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function.

CVE-2013-1789 [MEDIUM] CVE-2013-1789: splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of se splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions.

CVE-2010-3702 [HIGH] CWE-476 CVE-2010-3702: The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.

CVE-2010-3703 [MEDIUM] CVE-2010-3703: The PostScriptFunction::PostScriptFunction function in poppler/Function The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference.

CVE-2010-3704 [MEDIUM] CVE-2010-3704: The FoFiType1::parse function in fofi/FoFiType1 The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input valid

CVE-2009-4035 [CRITICAL] CVE-2009-4035: The FoFiType1::parse function in fofi/FoFiType1 The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error an

CVE-2009-3938 [MEDIUM] CVE-2009-3938: Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev.cc in Poppler (aka libpoppler) 0.10.6, 0.12.0, and possibly other versions, as used by the Abiword pdftoabw utility, allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PDF file.