Search
Search Results (89 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10768 | 4 Canonical, Debian, Freedesktop and 1 more | 8 Ubuntu Linux, Debian Linux, Poppler and 5 more | 2024-11-21 | N/A |
| There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected. | ||||
| CVE-2017-18267 | 4 Canonical, Debian, Freedesktop and 1 more | 8 Ubuntu Linux, Debian Linux, Poppler and 5 more | 2024-11-21 | N/A |
| The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. | ||||
| CVE-2017-1000456 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-11-21 | N/A |
| freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. | ||||
| CVE-2010-4654 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-11-21 | 7.8 High |
| poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. | ||||
| CVE-2010-4653 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-11-21 | 6.5 Medium |
| An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts. | ||||
| CVE-2012-2142 | 4 Freedesktop, Opensuse, Redhat and 1 more | 4 Poppler, Opensuse, Enterprise Linux and 1 more | 2024-08-06 | 7.8 High |
| The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | ||||
| CVE-2013-7296 | 1 Freedesktop | 1 Poppler | 2024-08-06 | N/A |
| The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file. | ||||
| CVE-2013-4472 | 1 Freedesktop | 1 Poppler | 2024-08-06 | N/A |
| The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | ||||
| CVE-2013-4473 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2024-08-06 | N/A |
| Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename. | ||||