This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Freedesktop First view 2007-07-30
Product Poppler Last view 2023-08-22
Version Type
Update  
Edition  
Language  
Software Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:freedesktop:poppler:0.5.0:*:*:*:*:*:*:* 29
cpe:2.3:a:freedesktop:poppler:0.5.9:*:*:*:*:*:*:* 29
cpe:2.3:a:freedesktop:poppler:0.4.3:*:*:*:*:*:*:* 29
cpe:2.3:a:freedesktop:poppler:0.3.1:*:*:*:*:*:*:* 29
cpe:2.3:a:freedesktop:poppler:0.3.3:*:*:*:*:*:*:* 29
cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:* 29
cpe:2.3:a:freedesktop:poppler:0.3.0:*:*:*:*:*:*:* 29
cpe:2.3:a:freedesktop:poppler:0.4.4:*:*:*:*:*:*:* 29
cpe:2.3:a:freedesktop:poppler:0.5.2:*:*:*:*:*:*:* 29
cpe:2.3:a:freedesktop:poppler:0.3.2:*:*:*:*:*:*:* 29
cpe:2.3:a:freedesktop:poppler:0.1.2:*:*:*:*:*:*:* 29
cpe:2.3:a:freedesktop:poppler:0.5.3:*:*:*:*:*:*:* 29
cpe:2.3:a:freedesktop:poppler:0.4.1:*:*:*:*:*:*:* 29
cpe:2.3:a:freedesktop:poppler:0.2.0:*:*:*:*:*:*:* 29
cpe:2.3:a:freedesktop:poppler:0.4.0:*:*:*:*:*:*:* 29
cpe:2.3:a:freedesktop:poppler:0.4.2:*:*:*:*:*:*:* 29
cpe:2.3:a:freedesktop:poppler:0.5.4:*:*:*:*:*:*:* 29
cpe:2.3:a:freedesktop:poppler:0.1:*:*:*:*:*:*:* 29
cpe:2.3:a:freedesktop:poppler:0.5.90:*:*:*:*:*:*:* 29
cpe:2.3:a:freedesktop:poppler:0.5.1:*:*:*:*:*:*:* 29
cpe:2.3:a:freedesktop:poppler:0.1.1:*:*:*:*:*:*:* 29
cpe:2.3:a:freedesktop:poppler:0.10.5:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.7.3:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.9.2:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.6.0:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.8.1:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.8.2:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.10.6:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.11.2:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.10.0:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.8.0:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.8.3:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.7.2:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.13.1:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.13.0:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.13.2:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.6.2:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.11.0:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.7.0:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.8.5:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.11.3:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.12.0:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.12.1:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.12.2:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.12.3:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.10.3:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.8.7:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.9.1:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.10.4:*:*:*:*:*:*:* 28
cpe:2.3:a:freedesktop:poppler:0.6.3:*:*:*:*:*:*:* 28

Related : CVE

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.5 2023-08-22 CVE-2022-38349

An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h that will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.

6.5 2023-08-22 CVE-2022-37052

A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.

6.5 2023-08-22 CVE-2022-37051

An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.

6.5 2023-08-22 CVE-2022-37050

In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.cc allows attackers to cause a denial of service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.

7.5 2023-08-22 CVE-2020-23804

Uncontrolled recursion in pdfinfo and pdftops in Poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.

6.5 2023-08-22 CVE-2020-18839

Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.

5.5 2023-08-11 CVE-2020-36024

An issue was discovered in freedesktop poppler version 20.12.1 that allows remote attackers to cause a denial of service (DoS) via a crafted .pdf file passed to the FoFiType1C::convertToType1 function.

6.5 2023-08-11 CVE-2020-36023

An issue was discovered in freedesktop poppler version 20.12.1 that allows remote attackers to cause a denial of service (DoS) via a crafted .pdf file passed to the FoFiType1C::cvtGlyph function.

5.5 2023-07-31 CVE-2023-34872

A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.

7.8 2022-08-30 CVE-2022-38784

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.

7.8 2022-08-22 CVE-2022-38171

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).

6.5 2022-05-05 CVE-2022-27337

A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

7.8 2021-08-24 CVE-2021-30860

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

7.8 2020-12-25 CVE-2020-35702

DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects.

7.5 2020-12-03 CVE-2020-27778

A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.

7.8 2020-01-09 CVE-2012-2142

The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.

7.8 2019-11-13 CVE-2010-4654

poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.

6.5 2019-11-13 CVE-2010-4653

An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.

8.8 2019-09-05 CVE-2018-21009

Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.

7.5 2019-08-01 CVE-2019-14494

An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.

6.5 2019-07-22 CVE-2019-9959

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.

8.8 2019-05-23 CVE-2019-12293

In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.

6.5 2019-04-08 CVE-2019-11026

FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.

6.5 2019-04-05 CVE-2019-10873

An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.

8.8 2019-04-05 CVE-2019-10872

An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.

CWE : Common Weakness Enumeration

% id Name
22% (16) CWE-476 NULL Pointer Dereference
12% (9) CWE-190 Integer Overflow or Wraparound
12% (9) CWE-125 Out-of-bounds Read
12% (9) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
11% (8) CWE-20 Improper Input Validation
7% (5) CWE-674 Uncontrolled Recursion
5% (4) CWE-787 Out-of-bounds Write
4% (3) CWE-772 Missing Release of Resource after Effective Lifetime
4% (3) CWE-617 Reachable Assertion
1% (1) CWE-681 Incorrect Conversion between Numeric Types
1% (1) CWE-670 Always-Incorrect Control Flow Implementation
1% (1) CWE-369 Divide By Zero
1% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
1% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:20354 DSA-1355-1 kdegraphics - integer overflow
oval:org.mitre.oval:def:20211 DSA-1347-1 xpdf
oval:org.mitre.oval:def:19960 DSA-1357-1 koffice - integer overflow
oval:org.mitre.oval:def:18516 DSA-1348-1 poppler
oval:org.mitre.oval:def:11149 Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.0...
oval:org.mitre.oval:def:22418 ELSA-2007:0720: cups security update (Important)
oval:org.mitre.oval:def:22321 ELSA-2007:0732: poppler security update (Important)
oval:org.mitre.oval:def:21863 ELSA-2007:0729: kdegraphics security update (Important)
oval:org.mitre.oval:def:21839 ELSA-2007:0731: tetex security update (Important)
oval:org.mitre.oval:def:18338 DSA-2719-1 poppler - multiple issues
oval:org.mitre.oval:def:18311 USN-1785-1 -- poppler vulnerabilities
oval:org.mitre.oval:def:26006 SUSE-SU-2013:0595-1 -- Security update for poppler
oval:org.mitre.oval:def:25139 SUSE-SU-2013:0596-1 -- Security update for poppler
oval:org.mitre.oval:def:26307 SUSE-SU-2014:0817-1 -- Security update for poppler

Open Source Vulnerability Database (OSVDB)

id Description
74685 xpdf Font CharCodes Parsing Integer Overflow
74684 xpdf Malformed Command Handling Gfx Content Memory Corruption
69064 Poppler Gfx::getPos PDF Handling Uninitialized Pointer Dereference DoS
40127 PDFedit StreamPredictor::StreamPredictor() PDF Handling Overflow
38120 Xpdf StreamPredictor::StreamPredictor() PDF Handling Overflow

OpenVAS Exploits

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-08-24 Name : CentOS Update for tetex CESA-2012:1201 centos5
File : nvt/gb_CESA-2012_1201_tetex_centos5.nasl
2012-08-24 Name : RedHat Update for tetex RHSA-2012:1201-01
File : nvt/gb_RHSA-2012_1201-01_tetex.nasl
2011-08-09 Name : CentOS Update for kdegraphics CESA-2010:0753 centos5 i386
File : nvt/gb_CESA-2010_0753_kdegraphics_centos5_i386.nasl
2011-08-09 Name : CentOS Update for poppler CESA-2010:0749 centos5 i386
File : nvt/gb_CESA-2010_0749_poppler_centos5_i386.nasl
2011-03-07 Name : Debian Security Advisory DSA 2135-1 (xpdf)
File : nvt/deb_2135_1.nasl
2010-12-02 Name : Fedora Update for poppler FEDORA-2010-15857
File : nvt/gb_fedora_2010_15857_poppler_fc14.nasl
2010-12-02 Name : Fedora Update for xpdf FEDORA-2010-16744
File : nvt/gb_fedora_2010_16744_xpdf_fc14.nasl
2010-11-17 Name : Debian Security Advisory DSA 2116-1 (poppler)
File : nvt/deb_2116_1.nasl
2010-11-16 Name : Fedora Update for xpdf FEDORA-2010-16705
File : nvt/gb_fedora_2010_16705_xpdf_fc12.nasl
2010-11-16 Name : Fedora Update for xpdf FEDORA-2010-16662
File : nvt/gb_fedora_2010_16662_xpdf_fc13.nasl
2010-11-16 Name : Mandriva Update for poppler MDVSA-2010:230 (poppler)
File : nvt/gb_mandriva_MDVSA_2010_230.nasl
2010-11-16 Name : Mandriva Update for xpdf MDVSA-2010:228 (xpdf)
File : nvt/gb_mandriva_MDVSA_2010_228.nasl
2010-11-16 Name : Mandriva Update for poppler MDVSA-2010:231 (poppler)
File : nvt/gb_mandriva_MDVSA_2010_231.nasl
2010-10-22 Name : Ubuntu Update for poppler vulnerabilities USN-1005-1
File : nvt/gb_ubuntu_USN_1005_1.nasl
2010-10-22 Name : Fedora Update for poppler FEDORA-2010-15911
File : nvt/gb_fedora_2010_15911_poppler_fc13.nasl
2010-10-22 Name : Fedora Update for poppler FEDORA-2010-15981
File : nvt/gb_fedora_2010_15981_poppler_fc12.nasl
2010-10-19 Name : RedHat Update for kdegraphics RHSA-2010:0753-01
File : nvt/gb_RHSA-2010_0753-01_kdegraphics.nasl
2010-10-19 Name : RedHat Update for gpdf RHSA-2010:0752-01
File : nvt/gb_RHSA-2010_0752-01_gpdf.nasl
2010-10-19 Name : RedHat Update for xpdf RHSA-2010:0751-01
File : nvt/gb_RHSA-2010_0751-01_xpdf.nasl
2010-10-19 Name : RedHat Update for xpdf RHSA-2010:0750-01
File : nvt/gb_RHSA-2010_0750-01_xpdf.nasl
2010-10-19 Name : RedHat Update for poppler RHSA-2010:0749-01
File : nvt/gb_RHSA-2010_0749-01_poppler.nasl
2010-10-19 Name : CentOS Update for cups CESA-2010:0755 centos4 i386
File : nvt/gb_CESA-2010_0755_cups_centos4_i386.nasl
2010-10-19 Name : CentOS Update for cups CESA-2010:0754 centos3 i386
File : nvt/gb_CESA-2010_0754_cups_centos3_i386.nasl
2010-10-19 Name : CentOS Update for kdegraphics CESA-2010:0753 centos4 i386
File : nvt/gb_CESA-2010_0753_kdegraphics_centos4_i386.nasl
2010-10-19 Name : CentOS Update for gpdf CESA-2010:0752 centos4 i386
File : nvt/gb_CESA-2010_0752_gpdf_centos4_i386.nasl

Snort® IPS/IDS

Date Description
2017-04-26 Poppler readProgressiveSOF out of bounds write attempt
RuleID : 42353 - Type : FILE-PDF - Revision : 4
2017-04-26 Poppler readProgressiveSOF out of bounds write attempt
RuleID : 42352 - Type : FILE-PDF - Revision : 4
2017-04-26 Poppler PDF library embedded jp2 COD levels integer overflow attempt
RuleID : 42320 - Type : FILE-PDF - Revision : 3
2017-04-26 Poppler PDF library embedded jp2 COD levels integer overflow attempt
RuleID : 42319 - Type : FILE-PDF - Revision : 3
2017-04-19 Poppler DCTStream readScan heap buffer overflow attempt
RuleID : 42274 - Type : FILE-PDF - Revision : 3
2017-04-19 Poppler DCTStream readScan heap buffer overflow attempt
RuleID : 42273 - Type : FILE-PDF - Revision : 3

Nessus® Vulnerability Scanner

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2019-1010.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-12b934e224.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-54ed26a423.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-679f8aba03.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9a29edb638.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c8c7d35b83.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-e805688895.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1393.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1110.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3140.nasl - Type: ACT_GATHER_INFO
2018-11-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1562.nasl - Type: ACT_GATHER_INFO
2018-08-15 Name: The remote Fedora host is missing a security update.
File: fedora_2018-e1f03d1f72.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201804-03.nasl - Type: ACT_GATHER_INFO
2018-02-28 Name: The remote Fedora host is missing a security update.
File: fedora_2018-e23d2dae46.nasl - Type: ACT_GATHER_INFO
2018-01-25 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4097.nasl - Type: ACT_GATHER_INFO
2018-01-18 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201801-17.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-025ff38ac9.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-2853ab80b3.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-5d79b43fcc.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-d05a50dce6.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2018-048468d7a8.nasl - Type: ACT_GATHER_INFO
2018-01-10 Name: The remote Fedora host is missing a security update.
File: fedora_2018-20ba39cba9.nasl - Type: ACT_GATHER_INFO
2018-01-08 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4079.nasl - Type: ACT_GATHER_INFO
2018-01-04 Name: The remote Debian host is missing a security update.
File: debian_DLA-1228.nasl - Type: ACT_GATHER_INFO
2017-11-20 Name: The remote Debian host is missing a security update.
File: debian_DLA-1177.nasl - Type: ACT_GATHER_INFO