This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Freedesktop First view 2018-12-25
Product Poppler Last view 2020-12-03
Version 0.72.0 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:freedesktop:poppler

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2020-12-03 CVE-2020-27778

A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.

8.8 2019-09-05 CVE-2018-21009

Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.

7.5 2019-08-01 CVE-2019-14494

An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.

6.5 2019-07-22 CVE-2019-9959

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.

8.8 2019-05-23 CVE-2019-12293

In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.

6.5 2019-01-03 CVE-2018-20662

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.

6.5 2019-01-01 CVE-2018-20650

A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.

6.5 2018-12-28 CVE-2018-20551

A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.

6.5 2018-12-25 CVE-2018-20481

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.

CWE : Common Weakness Enumeration

%idName
37% (3) CWE-20 Improper Input Validation
25% (2) CWE-190 Integer Overflow or Wraparound
12% (1) CWE-476 NULL Pointer Dereference
12% (1) CWE-369 Divide By Zero
12% (1) CWE-125 Out-of-bounds Read