This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Freedesktop First view 2017-05-30
Product Poppler Last view 2020-12-03
Version 0.53.0 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:freedesktop:poppler

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2020-12-03 CVE-2020-27778

A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.

8.8 2019-09-05 CVE-2018-21009

Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.

7.5 2019-08-01 CVE-2019-14494

An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.

6.5 2019-07-22 CVE-2019-9959

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.

8.8 2019-05-23 CVE-2019-12293

In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.

6.5 2018-11-10 CVE-2018-19149

Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.

6.5 2018-07-25 CVE-2018-13988

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.

5.5 2018-05-10 CVE-2017-18267

The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.

8.8 2017-07-12 CVE-2017-2820

An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library.

8.8 2017-07-12 CVE-2017-2818

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.

8.8 2017-07-12 CVE-2017-2814

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability.

7.8 2017-06-22 CVE-2017-9776

Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

6.5 2017-06-22 CVE-2017-9775

Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.

5.5 2017-06-06 CVE-2017-7515

poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.

5.5 2017-05-30 CVE-2017-7511

poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.

CWE : Common Weakness Enumeration

%idName
30% (4) CWE-190 Integer Overflow or Wraparound
23% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
15% (2) CWE-476 NULL Pointer Dereference
15% (2) CWE-125 Out-of-bounds Read
7% (1) CWE-674 Uncontrolled Recursion
7% (1) CWE-369 Divide By Zero

Snort® IPS/IDS

Date Description
2017-04-26 Poppler readProgressiveSOF out of bounds write attempt
RuleID : 42353 - Type : FILE-PDF - Revision : 4
2017-04-26 Poppler readProgressiveSOF out of bounds write attempt
RuleID : 42352 - Type : FILE-PDF - Revision : 4
2017-04-26 Poppler PDF library embedded jp2 COD levels integer overflow attempt
RuleID : 42320 - Type : FILE-PDF - Revision : 3
2017-04-26 Poppler PDF library embedded jp2 COD levels integer overflow attempt
RuleID : 42319 - Type : FILE-PDF - Revision : 3
2017-04-19 Poppler DCTStream readScan heap buffer overflow attempt
RuleID : 42274 - Type : FILE-PDF - Revision : 3
2017-04-19 Poppler DCTStream readScan heap buffer overflow attempt
RuleID : 42273 - Type : FILE-PDF - Revision : 3

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2019-1010.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c8c7d35b83.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9a29edb638.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-679f8aba03.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-12b934e224.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1393.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1110.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3140.nasl - Type: ACT_GATHER_INFO
2018-08-15 Name: The remote Fedora host is missing a security update.
File: fedora_2018-e1f03d1f72.nasl - Type: ACT_GATHER_INFO
2018-01-18 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201801-17.nasl - Type: ACT_GATHER_INFO
2018-01-08 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4079.nasl - Type: ACT_GATHER_INFO
2017-10-09 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3440-1.nasl - Type: ACT_GATHER_INFO
2017-10-02 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-902.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1230.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1229.nasl - Type: ACT_GATHER_INFO
2017-09-05 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2551.nasl - Type: ACT_GATHER_INFO
2017-09-05 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2550.nasl - Type: ACT_GATHER_INFO
2017-09-01 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0147.nasl - Type: ACT_GATHER_INFO
2017-09-01 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-2551.nasl - Type: ACT_GATHER_INFO
2017-09-01 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-2550.nasl - Type: ACT_GATHER_INFO
2017-08-31 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170830_poppler_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2017-08-31 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170830_poppler_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2017-08-31 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-2551.nasl - Type: ACT_GATHER_INFO
2017-08-31 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-2550.nasl - Type: ACT_GATHER_INFO
2017-08-30 Name: The remote Debian host is missing a security update.
File: debian_DLA-1074.nasl - Type: ACT_GATHER_INFO