Freedesktop Poppler vulnerabilities

157 known vulnerabilities affecting freedesktop/poppler.

Total CVEs: 157
CISA KEV: 1 (actively exploited)
Public exploits: 4
Exploited in wild: 1
Severity breakdown: CRITICAL 9, HIGH 52, MEDIUM 92, LOW 4

Vulnerabilities

Page 7 of 8
CVE-2019-12958 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 0.41.0-0ubuntu1.6; ≥ 0, < 0.57.0-2ubuntu4 | 2019-06-25
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated.
osv
CVE-2009-1183 | P4 | MEDIUM | CVSS 4.3 | ≥ 0, < 0.10.6-1 | 2009-04-23
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.
osv
CVE-2024-56378 | P4 | MEDIUM | CVSS 4.3 | CWE-125 | ≤ 24.12.0 | 2024-12-23
libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.
nvd, osv
CVE-2017-18267 | P4 | MEDIUM | CVSS 5.5 | CWE-835 | ≤ 0.64.0 | 2018-05-10
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
nvd, osv
CVE-2017-7511 | P4 | MEDIUM | CVSS 5.5 | CWE-476 | v0.17.3, v0.17.4, +77 more | 2017-05-30
poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.
nvd, osv
CVE-2013-7296 | P4 | MEDIUM | CVSS 5.0 | CWE-119 | ≤ 0.24.3, v0.1, +82 more | 2014-01-26
The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file.
nvd, osv
CVE-2019-10020 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 0.41.0-0ubuntu1.4 | 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.
osv
CVE-2019-10024 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 0.41.0-0ubuntu1.4 | 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.
osv
CVE-2009-1181 | P4 | MEDIUM | CVSS 4.3 | ≥ 0, < 0.10.6-1 | 2009-04-23
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.
osv
CVE-2020-36024 | P4 | MEDIUM | CVSS 5.5 | CWE-476 | v20.12.1 | 2023-08-11
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.
nvd, osv
CVE-2010-5110 | P4 | MEDIUM | CVSS 4.3 | CWE-20 | ≤ 0.13.2, v0.13.0, +1 more | 2014-08-29
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.
nvd, osv
CVE-2009-0146 | P4 | MEDIUM | CVSS 4.3 | ≥ 0, < 0.10.6-1 | 2009-04-23
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.
osv
CVE-2019-10018 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 0.57.0-2 | 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.
osv
CVE-2010-0206 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 0.16.3-1 | 2019-10-30
xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects.
osv
CVE-2005-3624 | P4 | MEDIUM | CVSS 5.0 | ≥ 0, < 0.4.4-1 | 2005-12-31
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
osv
CVE-2019-10021 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 0.41.0-0ubuntu1.14 | 2019-03-24
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.
osv
CVE-2019-10023 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 0.41.0-0ubuntu1.14 | 2019-03-24
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.
osv
CVE-2019-10019 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 0.41.0-0ubuntu1.14 | 2019-03-24
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.
osv
CVE-2019-10022 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 0.41.0-0ubuntu1.13; ≥ 0, < 0.62.0-2ubuntu2.8 | 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.
osv
CVE-2019-10026 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 0.41.0-0ubuntu1.13; ≥ 0, < 0.62.0-2ubuntu2.8 | 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.
osv