This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Freedesktop First view 2017-05-30
Product Poppler Last view 2020-12-03
Version 0.37.0 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:freedesktop:poppler

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2020-12-03 CVE-2020-27778

A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.

8.8 2019-09-05 CVE-2018-21009

Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.

7.5 2019-08-01 CVE-2019-14494

An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.

6.5 2019-07-22 CVE-2019-9959

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.

8.8 2019-05-23 CVE-2019-12293

In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.

6.5 2018-11-10 CVE-2018-19149

Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.

6.5 2018-07-25 CVE-2018-13988

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.

5.5 2018-05-10 CVE-2017-18267

The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.

6.5 2018-05-06 CVE-2018-10768

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.

7.8 2017-06-22 CVE-2017-9776

Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

6.5 2017-06-22 CVE-2017-9775

Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.

5.5 2017-06-06 CVE-2017-7515

poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.

5.5 2017-05-30 CVE-2017-7511

poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.

CWE : Common Weakness Enumeration

%idName
27% (3) CWE-476 NULL Pointer Dereference
27% (3) CWE-190 Integer Overflow or Wraparound
18% (2) CWE-125 Out-of-bounds Read
9% (1) CWE-674 Uncontrolled Recursion
9% (1) CWE-369 Divide By Zero
9% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2019-1010.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c8c7d35b83.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9a29edb638.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-679f8aba03.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-12b934e224.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1393.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1110.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3140.nasl - Type: ACT_GATHER_INFO
2018-08-15 Name: The remote Fedora host is missing a security update.
File: fedora_2018-e1f03d1f72.nasl - Type: ACT_GATHER_INFO
2018-01-18 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201801-17.nasl - Type: ACT_GATHER_INFO
2018-01-08 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4079.nasl - Type: ACT_GATHER_INFO
2017-10-09 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3440-1.nasl - Type: ACT_GATHER_INFO
2017-10-02 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-902.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1230.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1229.nasl - Type: ACT_GATHER_INFO
2017-09-05 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2551.nasl - Type: ACT_GATHER_INFO
2017-09-05 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2550.nasl - Type: ACT_GATHER_INFO
2017-09-01 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0147.nasl - Type: ACT_GATHER_INFO
2017-09-01 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-2551.nasl - Type: ACT_GATHER_INFO
2017-09-01 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-2550.nasl - Type: ACT_GATHER_INFO
2017-08-31 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170830_poppler_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2017-08-31 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170830_poppler_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2017-08-31 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-2551.nasl - Type: ACT_GATHER_INFO
2017-08-31 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-2550.nasl - Type: ACT_GATHER_INFO
2017-08-30 Name: The remote Debian host is missing a security update.
File: debian_DLA-1074.nasl - Type: ACT_GATHER_INFO