Summary
Detail | | | |
---|---|---|---|
Vendor | Freedesktop | First view | 2007-07-30 |
Product | Poppler | Last view | 2023-08-22 |
Version | | Type | |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
6.5 | 2023-08-22 | CVE-2022-38349 | An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h that leads to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. |
6.5 | 2023-08-22 | CVE-2022-37052 | A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject. |
6.5 | 2023-08-22 | CVE-2022-37051 | An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file. |
6.5 | 2023-08-22 | CVE-2022-37050 | In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.cc allows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662. |
7.5 | 2023-08-22 | CVE-2020-23804 | Uncontrolled Recursion in pdfinfo and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. |
6.5 | 2023-08-22 | CVE-2020-18839 | Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service. |
5.5 | 2023-08-11 | CVE-2020-36024 | An issue in freedesktop poppler version 20.12.1 allows remote attackers to cause a denial of service (DoS) via a crafted .pdf file passed to the FoFiType1C::convertToType1 function. |
6.5 | 2023-08-11 | CVE-2020-36023 | An issue in freedesktop poppler version 20.12.1 allows remote attackers to cause a denial of service (DoS) via a crafted .pdf file passed to the FoFiType1C::cvtGlyph function. |
5.5 | 2023-07-31 | CVE-2023-34872 | A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. |
7.8 | 2022-08-30 | CVE-2022-38784 | Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. |
7.8 | 2022-08-22 | CVE-2022-38171 | Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics). |
6.5 | 2022-05-05 | CVE-2022-27337 | A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. |
7.8 | 2021-08-24 | CVE-2021-30860 | An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. |
7.8 | 2020-12-25 | CVE-2020-35702 | DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects. |
7.5 | 2020-12-03 | CVE-2020-27778 | A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service. |
7.8 | 2020-01-09 | CVE-2012-2142 | The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. |
7.8 | 2019-11-13 | CVE-2010-4654 | poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. |
6.5 | 2019-11-13 | CVE-2010-4653 | An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts. |
8.8 | 2019-09-05 | CVE-2018-21009 | Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. |
7.5 | 2019-08-01 | CVE-2019-14494 | An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. |
6.5 | 2019-07-22 | CVE-2019-9959 | The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. |
8.8 | 2019-05-23 | CVE-2019-12293 | In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. |
6.5 | 2019-04-08 | CVE-2019-11026 | FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc. |
6.5 | 2019-04-05 | CVE-2019-10873 | An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc. |
8.8 | 2019-04-05 | CVE-2019-10872 | An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
22% (16) | CWE-476 | NULL Pointer Dereference |
12% (9) | CWE-190 | Integer Overflow or Wraparound |
12% (9) | CWE-125 | Out-of-bounds Read |
12% (9) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
11% (8) | CWE-20 | Improper Input Validation |
7% (5) | CWE-674 | Uncontrolled Recursion |
5% (4) | CWE-787 | Out-of-bounds Write |
4% (3) | CWE-772 | Missing Release of Resource after Effective Lifetime |
4% (3) | CWE-617 | Reachable Assertion |
1% (1) | CWE-681 | Incorrect Conversion between Numeric Types |
1% (1) | CWE-670 | Always-Incorrect Control Flow Implementation |
1% (1) | CWE-369 | Divide By Zero |
1% (1) | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
1% (1) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:20354 | DSA-1355-1 kdegraphics - integer overflow |
oval:org.mitre.oval:def:20211 | DSA-1347-1 xpdf |
oval:org.mitre.oval:def:19960 | DSA-1357-1 koffice - integer overflow |
oval:org.mitre.oval:def:18516 | DSA-1348-1 poppler |
oval:org.mitre.oval:def:11149 | Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.0... |
oval:org.mitre.oval:def:22418 | ELSA-2007:0720: cups security update (Important) |
oval:org.mitre.oval:def:22321 | ELSA-2007:0732: poppler security update (Important) |
oval:org.mitre.oval:def:21863 | ELSA-2007:0729: kdegraphics security update (Important) |
oval:org.mitre.oval:def:21839 | ELSA-2007:0731: tetex security update (Important) |
oval:org.mitre.oval:def:18338 | DSA-2719-1 poppler - multiple issues |
oval:org.mitre.oval:def:18311 | USN-1785-1 -- poppler vulnerabilities |
oval:org.mitre.oval:def:26006 | SUSE-SU-2013:0595-1 -- Security update for poppler |
oval:org.mitre.oval:def:25139 | SUSE-SU-2013:0596-1 -- Security update for poppler |
oval:org.mitre.oval:def:26307 | SUSE-SU-2014:0817-1 -- Security update for poppler |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
74685 | xpdf Font CharCodes Parsing Integer Overflow |
74684 | xpdf Malformed Command Handling Gfx Content Memory Corruption |
69064 | Poppler Gfx::getPos PDF Handling Uninitialized Pointer Dereference DoS |
40127 | PDFedit StreamPredictor::StreamPredictor() PDF Handling Overflow |
38120 | Xpdf StreamPredictor::StreamPredictor() PDF Handling Overflow |
OpenVAS Exploits
Date | Description |
---|---|
2012-08-24 | Name : CentOS Update for tetex CESA-2012:1201 centos5 File : nvt/gb_CESA-2012_1201_tetex_centos5.nasl |
2012-08-24 | Name : RedHat Update for tetex RHSA-2012:1201-01 File : nvt/gb_RHSA-2012_1201-01_tetex.nasl |
2011-08-09 | Name : CentOS Update for kdegraphics CESA-2010:0753 centos5 i386 File : nvt/gb_CESA-2010_0753_kdegraphics_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for poppler CESA-2010:0749 centos5 i386 File : nvt/gb_CESA-2010_0749_poppler_centos5_i386.nasl |
2011-03-07 | Name : Debian Security Advisory DSA 2135-1 (xpdf) File : nvt/deb_2135_1.nasl |
2010-12-02 | Name : Fedora Update for poppler FEDORA-2010-15857 File : nvt/gb_fedora_2010_15857_poppler_fc14.nasl |
2010-12-02 | Name : Fedora Update for xpdf FEDORA-2010-16744 File : nvt/gb_fedora_2010_16744_xpdf_fc14.nasl |
2010-11-17 | Name : Debian Security Advisory DSA 2116-1 (poppler) File : nvt/deb_2116_1.nasl |
2010-11-16 | Name : Fedora Update for xpdf FEDORA-2010-16705 File : nvt/gb_fedora_2010_16705_xpdf_fc12.nasl |
2010-11-16 | Name : Fedora Update for xpdf FEDORA-2010-16662 File : nvt/gb_fedora_2010_16662_xpdf_fc13.nasl |
2010-11-16 | Name : Mandriva Update for poppler MDVSA-2010:230 (poppler) File : nvt/gb_mandriva_MDVSA_2010_230.nasl |
2010-11-16 | Name : Mandriva Update for xpdf MDVSA-2010:228 (xpdf) File : nvt/gb_mandriva_MDVSA_2010_228.nasl |
2010-11-16 | Name : Mandriva Update for poppler MDVSA-2010:231 (poppler) File : nvt/gb_mandriva_MDVSA_2010_231.nasl |
2010-10-22 | Name : Ubuntu Update for poppler vulnerabilities USN-1005-1 File : nvt/gb_ubuntu_USN_1005_1.nasl |
2010-10-22 | Name : Fedora Update for poppler FEDORA-2010-15911 File : nvt/gb_fedora_2010_15911_poppler_fc13.nasl |
2010-10-22 | Name : Fedora Update for poppler FEDORA-2010-15981 File : nvt/gb_fedora_2010_15981_poppler_fc12.nasl |
2010-10-19 | Name : RedHat Update for kdegraphics RHSA-2010:0753-01 File : nvt/gb_RHSA-2010_0753-01_kdegraphics.nasl |
2010-10-19 | Name : RedHat Update for gpdf RHSA-2010:0752-01 File : nvt/gb_RHSA-2010_0752-01_gpdf.nasl |
2010-10-19 | Name : RedHat Update for xpdf RHSA-2010:0751-01 File : nvt/gb_RHSA-2010_0751-01_xpdf.nasl |
2010-10-19 | Name : RedHat Update for xpdf RHSA-2010:0750-01 File : nvt/gb_RHSA-2010_0750-01_xpdf.nasl |
2010-10-19 | Name : RedHat Update for poppler RHSA-2010:0749-01 File : nvt/gb_RHSA-2010_0749-01_poppler.nasl |
2010-10-19 | Name : CentOS Update for cups CESA-2010:0755 centos4 i386 File : nvt/gb_CESA-2010_0755_cups_centos4_i386.nasl |
2010-10-19 | Name : CentOS Update for cups CESA-2010:0754 centos3 i386 File : nvt/gb_CESA-2010_0754_cups_centos3_i386.nasl |
2010-10-19 | Name : CentOS Update for kdegraphics CESA-2010:0753 centos4 i386 File : nvt/gb_CESA-2010_0753_kdegraphics_centos4_i386.nasl |
2010-10-19 | Name : CentOS Update for gpdf CESA-2010:0752 centos4 i386 File : nvt/gb_CESA-2010_0752_gpdf_centos4_i386.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2017-04-26 | Poppler readProgressiveSOF out of bounds write attempt RuleID : 42353 - Type : FILE-PDF - Revision : 4 |
2017-04-26 | Poppler readProgressiveSOF out of bounds write attempt RuleID : 42352 - Type : FILE-PDF - Revision : 4 |
2017-04-26 | Poppler PDF library embedded jp2 COD levels integer overflow attempt RuleID : 42320 - Type : FILE-PDF - Revision : 3 |
2017-04-26 | Poppler PDF library embedded jp2 COD levels integer overflow attempt RuleID : 42319 - Type : FILE-PDF - Revision : 3 |
2017-04-19 | Poppler DCTStream readScan heap buffer overflow attempt RuleID : 42274 - Type : FILE-PDF - Revision : 3 |
2017-04-19 | Poppler DCTStream readScan heap buffer overflow attempt RuleID : 42273 - Type : FILE-PDF - Revision : 3 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2019-01-08 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2019-1010.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-12b934e224.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-54ed26a423.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-679f8aba03.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-9a29edb638.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-c8c7d35b83.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-e805688895.nasl - Type: ACT_GATHER_INFO |
2018-12-10 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2018-1393.nasl - Type: ACT_GATHER_INFO |
2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1110.nasl - Type: ACT_GATHER_INFO |
2018-11-16 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-3140.nasl - Type: ACT_GATHER_INFO |
2018-11-01 | Name: The remote Debian host is missing a security update. File: debian_DLA-1562.nasl - Type: ACT_GATHER_INFO |
2018-08-15 | Name: The remote Fedora host is missing a security update. File: fedora_2018-e1f03d1f72.nasl - Type: ACT_GATHER_INFO |
2018-04-10 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201804-03.nasl - Type: ACT_GATHER_INFO |
2018-02-28 | Name: The remote Fedora host is missing a security update. File: fedora_2018-e23d2dae46.nasl - Type: ACT_GATHER_INFO |
2018-01-25 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4097.nasl - Type: ACT_GATHER_INFO |
2018-01-18 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201801-17.nasl - Type: ACT_GATHER_INFO |
2018-01-15 | Name: The remote Fedora host is missing a security update. File: fedora_2017-025ff38ac9.nasl - Type: ACT_GATHER_INFO |
2018-01-15 | Name: The remote Fedora host is missing a security update. File: fedora_2017-2853ab80b3.nasl - Type: ACT_GATHER_INFO |
2018-01-15 | Name: The remote Fedora host is missing a security update. File: fedora_2017-5d79b43fcc.nasl - Type: ACT_GATHER_INFO |
2018-01-15 | Name: The remote Fedora host is missing a security update. File: fedora_2017-d05a50dce6.nasl - Type: ACT_GATHER_INFO |
2018-01-15 | Name: The remote Fedora host is missing a security update. File: fedora_2018-048468d7a8.nasl - Type: ACT_GATHER_INFO |
2018-01-10 | Name: The remote Fedora host is missing a security update. File: fedora_2018-20ba39cba9.nasl - Type: ACT_GATHER_INFO |
2018-01-08 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4079.nasl - Type: ACT_GATHER_INFO |
2018-01-04 | Name: The remote Debian host is missing a security update. File: debian_DLA-1228.nasl - Type: ACT_GATHER_INFO |
2017-11-20 | Name: The remote Debian host is missing a security update. File: debian_DLA-1177.nasl - Type: ACT_GATHER_INFO |