This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Freedesktop First view 2007-07-30
Product Poppler Last view 2022-05-05
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:freedesktop:poppler:0.5.0:*:*:*:*:*:*:* 25
cpe:2.3:a:freedesktop:poppler:0.5.9:*:*:*:*:*:*:* 25
cpe:2.3:a:freedesktop:poppler:0.4.3:*:*:*:*:*:*:* 25
cpe:2.3:a:freedesktop:poppler:0.3.1:*:*:*:*:*:*:* 25
cpe:2.3:a:freedesktop:poppler:0.3.3:*:*:*:*:*:*:* 25
cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:* 25
cpe:2.3:a:freedesktop:poppler:0.3.0:*:*:*:*:*:*:* 25
cpe:2.3:a:freedesktop:poppler:0.4.4:*:*:*:*:*:*:* 25
cpe:2.3:a:freedesktop:poppler:0.5.2:*:*:*:*:*:*:* 25
cpe:2.3:a:freedesktop:poppler:0.3.2:*:*:*:*:*:*:* 25
cpe:2.3:a:freedesktop:poppler:0.1.2:*:*:*:*:*:*:* 25
cpe:2.3:a:freedesktop:poppler:0.5.3:*:*:*:*:*:*:* 25
cpe:2.3:a:freedesktop:poppler:0.4.1:*:*:*:*:*:*:* 25
cpe:2.3:a:freedesktop:poppler:0.2.0:*:*:*:*:*:*:* 25
cpe:2.3:a:freedesktop:poppler:0.4.0:*:*:*:*:*:*:* 25
cpe:2.3:a:freedesktop:poppler:0.4.2:*:*:*:*:*:*:* 25
cpe:2.3:a:freedesktop:poppler:0.5.4:*:*:*:*:*:*:* 25
cpe:2.3:a:freedesktop:poppler:0.1:*:*:*:*:*:*:* 25
cpe:2.3:a:freedesktop:poppler:0.5.90:*:*:*:*:*:*:* 25
cpe:2.3:a:freedesktop:poppler:0.5.1:*:*:*:*:*:*:* 25
cpe:2.3:a:freedesktop:poppler:0.1.1:*:*:*:*:*:*:* 25
cpe:2.3:a:freedesktop:poppler:0.10.5:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.7.3:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.9.2:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.6.0:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.8.1:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.8.2:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.10.6:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.11.2:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.10.0:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.8.0:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.8.3:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.7.2:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.13.1:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.13.0:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.13.2:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.6.2:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.11.0:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.7.0:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.8.5:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.11.3:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.12.0:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.12.1:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.12.2:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.12.3:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.10.3:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.8.7:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.9.1:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.10.4:*:*:*:*:*:*:* 24
cpe:2.3:a:freedesktop:poppler:0.6.3:*:*:*:*:*:*:* 24

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.5 2022-05-05 CVE-2022-27337

A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

7.8 2020-12-25 CVE-2020-35702

** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects.

7.5 2020-12-03 CVE-2020-27778

A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.

7.8 2020-01-09 CVE-2012-2142

The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.

7.8 2019-11-13 CVE-2010-4654

poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.

6.5 2019-11-13 CVE-2010-4653

An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.

8.8 2019-09-05 CVE-2018-21009

Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.

7.5 2019-08-01 CVE-2019-14494

An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.

6.5 2019-07-22 CVE-2019-9959

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.

8.8 2019-05-23 CVE-2019-12293

In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.

6.5 2019-04-08 CVE-2019-11026

FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.

6.5 2019-04-05 CVE-2019-10873

An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.

8.8 2019-04-05 CVE-2019-10872

An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.

6.5 2019-04-05 CVE-2019-10871

An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.

6.5 2019-03-21 CVE-2019-9903

PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.

9.8 2019-03-08 CVE-2019-9631

Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.

8.8 2019-03-01 CVE-2019-9545

An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.

8.8 2019-03-01 CVE-2019-9543

An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit.

8.8 2019-02-26 CVE-2019-9200

A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

7.8 2019-02-02 CVE-2019-7310

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.

6.5 2019-01-03 CVE-2018-20662

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.

6.5 2019-01-01 CVE-2018-20650

A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.

6.5 2018-12-28 CVE-2018-20551

A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.

6.5 2018-12-25 CVE-2018-20481

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.

6.5 2018-11-10 CVE-2018-19149

Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.

CWE : Common Weakness Enumeration

%idName
24% (15) CWE-476 NULL Pointer Dereference
14% (9) CWE-125 Out-of-bounds Read
14% (9) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
12% (8) CWE-20 Improper Input Validation
9% (6) CWE-190 Integer Overflow or Wraparound
6% (4) CWE-674 Uncontrolled Recursion
4% (3) CWE-787 Out-of-bounds Write
4% (3) CWE-772 Missing Release of Resource after Effective Lifetime
1% (1) CWE-681 Incorrect Conversion between Numeric Types
1% (1) CWE-670 Always-Incorrect Control Flow Implementation
1% (1) CWE-369 Divide By Zero
1% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
1% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:20354 DSA-1355-1 kdegraphics - integer overflow
oval:org.mitre.oval:def:20211 DSA-1347-1 xpdf
oval:org.mitre.oval:def:19960 DSA-1357-1 koffice - integer overflow
oval:org.mitre.oval:def:18516 DSA-1348-1 poppler
oval:org.mitre.oval:def:11149 Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.0...
oval:org.mitre.oval:def:22418 ELSA-2007:0720: cups security update (Important)
oval:org.mitre.oval:def:22321 ELSA-2007:0732: poppler security update (Important)
oval:org.mitre.oval:def:21863 ELSA-2007:0729: kdegraphics security update (Important)
oval:org.mitre.oval:def:21839 ELSA-2007:0731: tetex security update (Important)
oval:org.mitre.oval:def:18338 DSA-2719-1 poppler - multiple issues
oval:org.mitre.oval:def:18311 USN-1785-1 -- poppler vulnerabilities
oval:org.mitre.oval:def:26006 SUSE-SU-2013:0595-1 -- Security update for poppler
oval:org.mitre.oval:def:25139 SUSE-SU-2013:0596-1 -- Security update for poppler
oval:org.mitre.oval:def:26307 SUSE-SU-2014:0817-1 -- Security update for poppler

Open Source Vulnerability Database (OSVDB)

id Description
74685 xpdf Font CharCodes Parsing Integer Overflow
74684 xpdf Malformed Command Handling Gfx Content Memory Corruption
69064 Poppler Gfx::getPos PDF Handling Uninitialized Pointer Dereference DoS
40127 PDFedit StreamPredictor::StreamPredictor() PDF Handling Overflow
38120 Xpdf StreamPredictor::StreamPredictor() PDF Handling Overflow

OpenVAS Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-08-24 Name : CentOS Update for tetex CESA-2012:1201 centos5
File : nvt/gb_CESA-2012_1201_tetex_centos5.nasl
2012-08-24 Name : RedHat Update for tetex RHSA-2012:1201-01
File : nvt/gb_RHSA-2012_1201-01_tetex.nasl
2011-08-09 Name : CentOS Update for kdegraphics CESA-2010:0753 centos5 i386
File : nvt/gb_CESA-2010_0753_kdegraphics_centos5_i386.nasl
2011-08-09 Name : CentOS Update for poppler CESA-2010:0749 centos5 i386
File : nvt/gb_CESA-2010_0749_poppler_centos5_i386.nasl
2011-03-07 Name : Debian Security Advisory DSA 2135-1 (xpdf)
File : nvt/deb_2135_1.nasl
2010-12-02 Name : Fedora Update for poppler FEDORA-2010-15857
File : nvt/gb_fedora_2010_15857_poppler_fc14.nasl
2010-12-02 Name : Fedora Update for xpdf FEDORA-2010-16744
File : nvt/gb_fedora_2010_16744_xpdf_fc14.nasl
2010-11-17 Name : Debian Security Advisory DSA 2116-1 (poppler)
File : nvt/deb_2116_1.nasl
2010-11-16 Name : Fedora Update for xpdf FEDORA-2010-16705
File : nvt/gb_fedora_2010_16705_xpdf_fc12.nasl
2010-11-16 Name : Fedora Update for xpdf FEDORA-2010-16662
File : nvt/gb_fedora_2010_16662_xpdf_fc13.nasl
2010-11-16 Name : Mandriva Update for poppler MDVSA-2010:230 (poppler)
File : nvt/gb_mandriva_MDVSA_2010_230.nasl
2010-11-16 Name : Mandriva Update for xpdf MDVSA-2010:228 (xpdf)
File : nvt/gb_mandriva_MDVSA_2010_228.nasl
2010-11-16 Name : Mandriva Update for poppler MDVSA-2010:231 (poppler)
File : nvt/gb_mandriva_MDVSA_2010_231.nasl
2010-10-22 Name : Ubuntu Update for poppler vulnerabilities USN-1005-1
File : nvt/gb_ubuntu_USN_1005_1.nasl
2010-10-22 Name : Fedora Update for poppler FEDORA-2010-15911
File : nvt/gb_fedora_2010_15911_poppler_fc13.nasl
2010-10-22 Name : Fedora Update for poppler FEDORA-2010-15981
File : nvt/gb_fedora_2010_15981_poppler_fc12.nasl
2010-10-19 Name : RedHat Update for kdegraphics RHSA-2010:0753-01
File : nvt/gb_RHSA-2010_0753-01_kdegraphics.nasl
2010-10-19 Name : RedHat Update for gpdf RHSA-2010:0752-01
File : nvt/gb_RHSA-2010_0752-01_gpdf.nasl
2010-10-19 Name : RedHat Update for xpdf RHSA-2010:0751-01
File : nvt/gb_RHSA-2010_0751-01_xpdf.nasl
2010-10-19 Name : RedHat Update for xpdf RHSA-2010:0750-01
File : nvt/gb_RHSA-2010_0750-01_xpdf.nasl
2010-10-19 Name : RedHat Update for poppler RHSA-2010:0749-01
File : nvt/gb_RHSA-2010_0749-01_poppler.nasl
2010-10-19 Name : CentOS Update for cups CESA-2010:0755 centos4 i386
File : nvt/gb_CESA-2010_0755_cups_centos4_i386.nasl
2010-10-19 Name : CentOS Update for cups CESA-2010:0754 centos3 i386
File : nvt/gb_CESA-2010_0754_cups_centos3_i386.nasl
2010-10-19 Name : CentOS Update for kdegraphics CESA-2010:0753 centos4 i386
File : nvt/gb_CESA-2010_0753_kdegraphics_centos4_i386.nasl
2010-10-19 Name : CentOS Update for gpdf CESA-2010:0752 centos4 i386
File : nvt/gb_CESA-2010_0752_gpdf_centos4_i386.nasl

Snort® IPS/IDS

Date Description
2017-04-26 Poppler readProgressiveSOF out of bounds write attempt
RuleID : 42353 - Type : FILE-PDF - Revision : 4
2017-04-26 Poppler readProgressiveSOF out of bounds write attempt
RuleID : 42352 - Type : FILE-PDF - Revision : 4
2017-04-26 Poppler PDF library embedded jp2 COD levels integer overflow attempt
RuleID : 42320 - Type : FILE-PDF - Revision : 3
2017-04-26 Poppler PDF library embedded jp2 COD levels integer overflow attempt
RuleID : 42319 - Type : FILE-PDF - Revision : 3
2017-04-19 Poppler DCTStream readScan heap buffer overflow attempt
RuleID : 42274 - Type : FILE-PDF - Revision : 3
2017-04-19 Poppler DCTStream readScan heap buffer overflow attempt
RuleID : 42273 - Type : FILE-PDF - Revision : 3

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2019-1010.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-12b934e224.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-54ed26a423.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-679f8aba03.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9a29edb638.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c8c7d35b83.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-e805688895.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1393.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1110.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3140.nasl - Type: ACT_GATHER_INFO
2018-11-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1562.nasl - Type: ACT_GATHER_INFO
2018-08-15 Name: The remote Fedora host is missing a security update.
File: fedora_2018-e1f03d1f72.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201804-03.nasl - Type: ACT_GATHER_INFO
2018-02-28 Name: The remote Fedora host is missing a security update.
File: fedora_2018-e23d2dae46.nasl - Type: ACT_GATHER_INFO
2018-01-25 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4097.nasl - Type: ACT_GATHER_INFO
2018-01-18 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201801-17.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-025ff38ac9.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-2853ab80b3.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-5d79b43fcc.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-d05a50dce6.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2018-048468d7a8.nasl - Type: ACT_GATHER_INFO
2018-01-10 Name: The remote Fedora host is missing a security update.
File: fedora_2018-20ba39cba9.nasl - Type: ACT_GATHER_INFO
2018-01-08 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4079.nasl - Type: ACT_GATHER_INFO
2018-01-04 Name: The remote Debian host is missing a security update.
File: debian_DLA-1228.nasl - Type: ACT_GATHER_INFO
2017-11-20 Name: The remote Debian host is missing a security update.
File: debian_DLA-1177.nasl - Type: ACT_GATHER_INFO