Summary
| Detail | |||
|---|---|---|---|
| Vendor | Freedesktop | First view | 2018-09-06 |
| Product | Poppler | Last view | 2020-12-03 |
| Version | 0.68.0 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:freedesktop:poppler | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2020-12-03 | CVE-2020-27778 | A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service. |
| 8.8 | 2019-09-05 | CVE-2018-21009 | Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. |
| 7.5 | 2019-08-01 | CVE-2019-14494 | An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. |
| 6.5 | 2019-07-22 | CVE-2019-9959 | The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. |
| 8.8 | 2019-05-23 | CVE-2019-12293 | In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. |
| 6.5 | 2018-11-10 | CVE-2018-19149 | Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. |
| 6.5 | 2018-09-06 | CVE-2018-16646 | In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 40% (2) | CWE-190 | Integer Overflow or Wraparound |
| 20% (1) | CWE-476 | NULL Pointer Dereference |
| 20% (1) | CWE-369 | Divide By Zero |
| 20% (1) | CWE-125 | Out-of-bounds Read |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-12b934e224.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-54ed26a423.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-679f8aba03.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-e805688895.nasl - Type: ACT_GATHER_INFO |
| 2018-11-01 | Name: The remote Debian host is missing a security update. File: debian_DLA-1562.nasl - Type: ACT_GATHER_INFO |
