This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Freedesktop First view 2017-09-17
Product Poppler Last view 2020-12-03
Version 0.59.0 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:freedesktop:poppler

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2020-12-03 CVE-2020-27778

A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.

8.8 2019-09-05 CVE-2018-21009

Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.

7.5 2019-08-01 CVE-2019-14494

An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.

6.5 2019-07-22 CVE-2019-9959

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.

8.8 2019-05-23 CVE-2019-12293

In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.

6.5 2018-11-10 CVE-2018-19149

Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.

6.5 2018-07-25 CVE-2018-13988

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.

5.5 2018-05-10 CVE-2017-18267

The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.

8.8 2017-10-17 CVE-2017-15565

In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.

7.5 2017-10-01 CVE-2017-14977

The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.

7.5 2017-10-01 CVE-2017-14976

The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.

7.5 2017-10-01 CVE-2017-14975

The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.

7.5 2017-09-29 CVE-2017-14929

In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519.

5.5 2017-09-29 CVE-2017-14928

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.

5.5 2017-09-29 CVE-2017-14927

In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.

5.5 2017-09-29 CVE-2017-14926

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.

7.8 2017-09-20 CVE-2017-14617

In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.

7.8 2017-09-17 CVE-2017-14520

In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files.

7.5 2017-09-17 CVE-2017-14519

In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop).

7.8 2017-09-17 CVE-2017-14518

In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document.

5.5 2017-09-17 CVE-2017-14517

In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.

CWE : Common Weakness Enumeration

%idName
47% (8) CWE-476 NULL Pointer Dereference
17% (3) CWE-125 Out-of-bounds Read
17% (3) CWE-20 Improper Input Validation
11% (2) CWE-190 Integer Overflow or Wraparound
5% (1) CWE-369 Divide By Zero

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2019-1010.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c8c7d35b83.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9a29edb638.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-679f8aba03.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-12b934e224.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1393.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1110.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3140.nasl - Type: ACT_GATHER_INFO
2018-08-15 Name: The remote Fedora host is missing a security update.
File: fedora_2018-e1f03d1f72.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201804-03.nasl - Type: ACT_GATHER_INFO
2018-02-28 Name: The remote Fedora host is missing a security update.
File: fedora_2018-e23d2dae46.nasl - Type: ACT_GATHER_INFO
2018-01-25 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4097.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-d05a50dce6.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-5d79b43fcc.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-2853ab80b3.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-025ff38ac9.nasl - Type: ACT_GATHER_INFO
2018-01-08 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4079.nasl - Type: ACT_GATHER_INFO
2017-11-20 Name: The remote Debian host is missing a security update.
File: debian_DLA-1177.nasl - Type: ACT_GATHER_INFO
2017-11-16 Name: The remote Fedora host is missing a security update.
File: fedora_2017-1762a103bf.nasl - Type: ACT_GATHER_INFO
2017-11-09 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2952-1.nasl - Type: ACT_GATHER_INFO
2017-11-08 Name: The remote Fedora host is missing a security update.
File: fedora_2017-51ff8fe326.nasl - Type: ACT_GATHER_INFO
2017-11-02 Name: The remote Fedora host is missing a security update.
File: fedora_2017-805d9423f8.nasl - Type: ACT_GATHER_INFO
2017-11-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1259.nasl - Type: ACT_GATHER_INFO
2017-11-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1260.nasl - Type: ACT_GATHER_INFO
2017-11-01 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1263.nasl - Type: ACT_GATHER_INFO