This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Freedesktop First view 2013-04-09
Product Poppler Last view 2020-12-03
Version 0.20.2 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:freedesktop:poppler

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2020-12-03 CVE-2020-27778

A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.

7.8 2020-01-09 CVE-2012-2142

The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.

8.8 2019-09-05 CVE-2018-21009

Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.

7.5 2019-08-01 CVE-2019-14494

An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.

6.5 2019-07-22 CVE-2019-9959

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.

8.8 2019-05-23 CVE-2019-12293

In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.

6.5 2018-11-10 CVE-2018-19149

Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.

6.5 2018-07-25 CVE-2018-13988

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.

5.5 2018-05-10 CVE-2017-18267

The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.

6.5 2018-05-06 CVE-2018-10768

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.

7.8 2017-06-22 CVE-2017-9776

Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

6.5 2017-06-22 CVE-2017-9775

Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.

5.5 2017-06-06 CVE-2017-7515

poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.

5.5 2017-05-30 CVE-2017-7511

poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.

3.3 2014-04-22 CVE-2013-4472

The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

5 2014-01-25 CVE-2013-7296

The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file.

5 2013-11-23 CVE-2013-4474

Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.

7.5 2013-11-23 CVE-2013-4473

Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.

6.8 2013-04-09 CVE-2013-1790

poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function.

4.3 2013-04-09 CVE-2013-1789

splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions.

6.8 2013-04-09 CVE-2013-1788

poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.

CWE : Common Weakness Enumeration

%idName
29% (5) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
17% (3) CWE-476 NULL Pointer Dereference
17% (3) CWE-190 Integer Overflow or Wraparound
11% (2) CWE-125 Out-of-bounds Read
5% (1) CWE-674 Uncontrolled Recursion
5% (1) CWE-369 Divide By Zero
5% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')
5% (1) CWE-20 Improper Input Validation

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2019-1010.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c8c7d35b83.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9a29edb638.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-679f8aba03.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-12b934e224.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1393.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1110.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3140.nasl - Type: ACT_GATHER_INFO
2018-08-15 Name: The remote Fedora host is missing a security update.
File: fedora_2018-e1f03d1f72.nasl - Type: ACT_GATHER_INFO
2018-01-18 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201801-17.nasl - Type: ACT_GATHER_INFO
2018-01-08 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4079.nasl - Type: ACT_GATHER_INFO
2017-10-09 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3440-1.nasl - Type: ACT_GATHER_INFO
2017-10-02 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-902.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1230.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1229.nasl - Type: ACT_GATHER_INFO
2017-09-05 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2550.nasl - Type: ACT_GATHER_INFO
2017-09-05 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2551.nasl - Type: ACT_GATHER_INFO
2017-09-01 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0147.nasl - Type: ACT_GATHER_INFO
2017-09-01 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-2551.nasl - Type: ACT_GATHER_INFO
2017-09-01 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-2550.nasl - Type: ACT_GATHER_INFO
2017-08-31 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-2550.nasl - Type: ACT_GATHER_INFO
2017-08-31 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-2551.nasl - Type: ACT_GATHER_INFO
2017-08-31 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170830_poppler_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2017-08-31 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170830_poppler_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2017-08-30 Name: The remote Debian host is missing a security update.
File: debian_DLA-1074.nasl - Type: ACT_GATHER_INFO