| 0 |
| url |
VCID-1dky-1wb2-huaa |
| vulnerability_id |
VCID-1dky-1wb2-huaa |
| summary |
In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| purl |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1dky-1wb2-huaa |
|
| 1 |
| vulnerability |
VCID-4mt9-s54t-uub2 |
|
| 2 |
| vulnerability |
VCID-6x2t-evww-sbdv |
|
| 3 |
| vulnerability |
VCID-7nuu-hq66-67es |
|
| 4 |
| vulnerability |
VCID-aqh3-9esc-jqg7 |
|
| 5 |
| vulnerability |
VCID-ax7h-qsmd-hyc9 |
|
| 6 |
| vulnerability |
VCID-btq8-dzuk-4yfk |
|
| 7 |
| vulnerability |
VCID-bytg-r7hs-gyeg |
|
| 8 |
| vulnerability |
VCID-c2n4-uugz-wfac |
|
| 9 |
| vulnerability |
VCID-gg77-12mg-k7d2 |
|
| 10 |
| vulnerability |
VCID-mzzq-s6gj-k3hw |
|
| 11 |
| vulnerability |
VCID-ndst-6nx1-1qcp |
|
| 12 |
| vulnerability |
VCID-p82j-3rgh-tqgf |
|
| 13 |
| vulnerability |
VCID-q9zx-mkrf-k3bh |
|
| 14 |
| vulnerability |
VCID-snd9-bt5h-6ycw |
|
| 15 |
| vulnerability |
VCID-v9g2-msy2-gbhc |
|
| 16 |
| vulnerability |
VCID-xsp3-9g35-m7b5 |
|
| 17 |
| vulnerability |
VCID-yhxt-1rx2-cbc1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4 |
|
| 1 |
|
|
| aliases |
CVE-2017-14519
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1dky-1wb2-huaa |
|
| 1 |
| url |
VCID-4mt9-s54t-uub2 |
| vulnerability_id |
VCID-4mt9-s54t-uub2 |
| summary |
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| purl |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1dky-1wb2-huaa |
|
| 1 |
| vulnerability |
VCID-4mt9-s54t-uub2 |
|
| 2 |
| vulnerability |
VCID-6x2t-evww-sbdv |
|
| 3 |
| vulnerability |
VCID-7nuu-hq66-67es |
|
| 4 |
| vulnerability |
VCID-aqh3-9esc-jqg7 |
|
| 5 |
| vulnerability |
VCID-ax7h-qsmd-hyc9 |
|
| 6 |
| vulnerability |
VCID-btq8-dzuk-4yfk |
|
| 7 |
| vulnerability |
VCID-bytg-r7hs-gyeg |
|
| 8 |
| vulnerability |
VCID-c2n4-uugz-wfac |
|
| 9 |
| vulnerability |
VCID-gg77-12mg-k7d2 |
|
| 10 |
| vulnerability |
VCID-mzzq-s6gj-k3hw |
|
| 11 |
| vulnerability |
VCID-ndst-6nx1-1qcp |
|
| 12 |
| vulnerability |
VCID-p82j-3rgh-tqgf |
|
| 13 |
| vulnerability |
VCID-q9zx-mkrf-k3bh |
|
| 14 |
| vulnerability |
VCID-snd9-bt5h-6ycw |
|
| 15 |
| vulnerability |
VCID-v9g2-msy2-gbhc |
|
| 16 |
| vulnerability |
VCID-xsp3-9g35-m7b5 |
|
| 17 |
| vulnerability |
VCID-yhxt-1rx2-cbc1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4 |
|
| 1 |
|
|
| aliases |
CVE-2017-14975
|
| risk_score |
1.5 |
| exploitability |
0.5 |
| weighted_severity |
3.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4mt9-s54t-uub2 |
|
| 2 |
| url |
VCID-6x2t-evww-sbdv |
| vulnerability_id |
VCID-6x2t-evww-sbdv |
| summary |
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| purl |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1dky-1wb2-huaa |
|
| 1 |
| vulnerability |
VCID-4mt9-s54t-uub2 |
|
| 2 |
| vulnerability |
VCID-6x2t-evww-sbdv |
|
| 3 |
| vulnerability |
VCID-7nuu-hq66-67es |
|
| 4 |
| vulnerability |
VCID-aqh3-9esc-jqg7 |
|
| 5 |
| vulnerability |
VCID-ax7h-qsmd-hyc9 |
|
| 6 |
| vulnerability |
VCID-btq8-dzuk-4yfk |
|
| 7 |
| vulnerability |
VCID-bytg-r7hs-gyeg |
|
| 8 |
| vulnerability |
VCID-c2n4-uugz-wfac |
|
| 9 |
| vulnerability |
VCID-gg77-12mg-k7d2 |
|
| 10 |
| vulnerability |
VCID-mzzq-s6gj-k3hw |
|
| 11 |
| vulnerability |
VCID-ndst-6nx1-1qcp |
|
| 12 |
| vulnerability |
VCID-p82j-3rgh-tqgf |
|
| 13 |
| vulnerability |
VCID-q9zx-mkrf-k3bh |
|
| 14 |
| vulnerability |
VCID-snd9-bt5h-6ycw |
|
| 15 |
| vulnerability |
VCID-v9g2-msy2-gbhc |
|
| 16 |
| vulnerability |
VCID-xsp3-9g35-m7b5 |
|
| 17 |
| vulnerability |
VCID-yhxt-1rx2-cbc1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4 |
|
| 1 |
|
|
| aliases |
CVE-2017-14976
|
| risk_score |
1.5 |
| exploitability |
0.5 |
| weighted_severity |
3.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6x2t-evww-sbdv |
|
| 3 |
| url |
VCID-7nuu-hq66-67es |
| vulnerability_id |
VCID-7nuu-hq66-67es |
| summary |
In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| purl |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1dky-1wb2-huaa |
|
| 1 |
| vulnerability |
VCID-4mt9-s54t-uub2 |
|
| 2 |
| vulnerability |
VCID-6x2t-evww-sbdv |
|
| 3 |
| vulnerability |
VCID-7nuu-hq66-67es |
|
| 4 |
| vulnerability |
VCID-aqh3-9esc-jqg7 |
|
| 5 |
| vulnerability |
VCID-ax7h-qsmd-hyc9 |
|
| 6 |
| vulnerability |
VCID-btq8-dzuk-4yfk |
|
| 7 |
| vulnerability |
VCID-bytg-r7hs-gyeg |
|
| 8 |
| vulnerability |
VCID-c2n4-uugz-wfac |
|
| 9 |
| vulnerability |
VCID-gg77-12mg-k7d2 |
|
| 10 |
| vulnerability |
VCID-mzzq-s6gj-k3hw |
|
| 11 |
| vulnerability |
VCID-ndst-6nx1-1qcp |
|
| 12 |
| vulnerability |
VCID-p82j-3rgh-tqgf |
|
| 13 |
| vulnerability |
VCID-q9zx-mkrf-k3bh |
|
| 14 |
| vulnerability |
VCID-snd9-bt5h-6ycw |
|
| 15 |
| vulnerability |
VCID-v9g2-msy2-gbhc |
|
| 16 |
| vulnerability |
VCID-xsp3-9g35-m7b5 |
|
| 17 |
| vulnerability |
VCID-yhxt-1rx2-cbc1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4 |
|
| 1 |
|
|
| aliases |
CVE-2017-14520
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7nuu-hq66-67es |
|
| 4 |
| url |
VCID-aqh3-9esc-jqg7 |
| vulnerability_id |
VCID-aqh3-9esc-jqg7 |
| summary |
In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| purl |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1dky-1wb2-huaa |
|
| 1 |
| vulnerability |
VCID-4mt9-s54t-uub2 |
|
| 2 |
| vulnerability |
VCID-6x2t-evww-sbdv |
|
| 3 |
| vulnerability |
VCID-7nuu-hq66-67es |
|
| 4 |
| vulnerability |
VCID-aqh3-9esc-jqg7 |
|
| 5 |
| vulnerability |
VCID-ax7h-qsmd-hyc9 |
|
| 6 |
| vulnerability |
VCID-btq8-dzuk-4yfk |
|
| 7 |
| vulnerability |
VCID-bytg-r7hs-gyeg |
|
| 8 |
| vulnerability |
VCID-c2n4-uugz-wfac |
|
| 9 |
| vulnerability |
VCID-gg77-12mg-k7d2 |
|
| 10 |
| vulnerability |
VCID-mzzq-s6gj-k3hw |
|
| 11 |
| vulnerability |
VCID-ndst-6nx1-1qcp |
|
| 12 |
| vulnerability |
VCID-p82j-3rgh-tqgf |
|
| 13 |
| vulnerability |
VCID-q9zx-mkrf-k3bh |
|
| 14 |
| vulnerability |
VCID-snd9-bt5h-6ycw |
|
| 15 |
| vulnerability |
VCID-v9g2-msy2-gbhc |
|
| 16 |
| vulnerability |
VCID-xsp3-9g35-m7b5 |
|
| 17 |
| vulnerability |
VCID-yhxt-1rx2-cbc1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4 |
|
| 1 |
|
|
| aliases |
CVE-2017-14517
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-aqh3-9esc-jqg7 |
|
| 5 |
|
| 6 |
| url |
VCID-btq8-dzuk-4yfk |
| vulnerability_id |
VCID-btq8-dzuk-4yfk |
| summary |
In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| purl |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1dky-1wb2-huaa |
|
| 1 |
| vulnerability |
VCID-4mt9-s54t-uub2 |
|
| 2 |
| vulnerability |
VCID-6x2t-evww-sbdv |
|
| 3 |
| vulnerability |
VCID-7nuu-hq66-67es |
|
| 4 |
| vulnerability |
VCID-aqh3-9esc-jqg7 |
|
| 5 |
| vulnerability |
VCID-ax7h-qsmd-hyc9 |
|
| 6 |
| vulnerability |
VCID-btq8-dzuk-4yfk |
|
| 7 |
| vulnerability |
VCID-bytg-r7hs-gyeg |
|
| 8 |
| vulnerability |
VCID-c2n4-uugz-wfac |
|
| 9 |
| vulnerability |
VCID-gg77-12mg-k7d2 |
|
| 10 |
| vulnerability |
VCID-mzzq-s6gj-k3hw |
|
| 11 |
| vulnerability |
VCID-ndst-6nx1-1qcp |
|
| 12 |
| vulnerability |
VCID-p82j-3rgh-tqgf |
|
| 13 |
| vulnerability |
VCID-q9zx-mkrf-k3bh |
|
| 14 |
| vulnerability |
VCID-snd9-bt5h-6ycw |
|
| 15 |
| vulnerability |
VCID-v9g2-msy2-gbhc |
|
| 16 |
| vulnerability |
VCID-xsp3-9g35-m7b5 |
|
| 17 |
| vulnerability |
VCID-yhxt-1rx2-cbc1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4 |
|
| 1 |
|
| 2 |
|
|
| aliases |
CVE-2017-9408
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-btq8-dzuk-4yfk |
|
| 7 |
| url |
VCID-bytg-r7hs-gyeg |
| vulnerability_id |
VCID-bytg-r7hs-gyeg |
| summary |
The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| purl |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1dky-1wb2-huaa |
|
| 1 |
| vulnerability |
VCID-4mt9-s54t-uub2 |
|
| 2 |
| vulnerability |
VCID-6x2t-evww-sbdv |
|
| 3 |
| vulnerability |
VCID-7nuu-hq66-67es |
|
| 4 |
| vulnerability |
VCID-aqh3-9esc-jqg7 |
|
| 5 |
| vulnerability |
VCID-ax7h-qsmd-hyc9 |
|
| 6 |
| vulnerability |
VCID-btq8-dzuk-4yfk |
|
| 7 |
| vulnerability |
VCID-bytg-r7hs-gyeg |
|
| 8 |
| vulnerability |
VCID-c2n4-uugz-wfac |
|
| 9 |
| vulnerability |
VCID-gg77-12mg-k7d2 |
|
| 10 |
| vulnerability |
VCID-mzzq-s6gj-k3hw |
|
| 11 |
| vulnerability |
VCID-ndst-6nx1-1qcp |
|
| 12 |
| vulnerability |
VCID-p82j-3rgh-tqgf |
|
| 13 |
| vulnerability |
VCID-q9zx-mkrf-k3bh |
|
| 14 |
| vulnerability |
VCID-snd9-bt5h-6ycw |
|
| 15 |
| vulnerability |
VCID-v9g2-msy2-gbhc |
|
| 16 |
| vulnerability |
VCID-xsp3-9g35-m7b5 |
|
| 17 |
| vulnerability |
VCID-yhxt-1rx2-cbc1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4 |
|
| 1 |
|
|
| aliases |
CVE-2017-14977
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bytg-r7hs-gyeg |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| url |
VCID-p82j-3rgh-tqgf |
| vulnerability_id |
VCID-p82j-3rgh-tqgf |
| summary |
In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| purl |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1dky-1wb2-huaa |
|
| 1 |
| vulnerability |
VCID-4mt9-s54t-uub2 |
|
| 2 |
| vulnerability |
VCID-6x2t-evww-sbdv |
|
| 3 |
| vulnerability |
VCID-7nuu-hq66-67es |
|
| 4 |
| vulnerability |
VCID-aqh3-9esc-jqg7 |
|
| 5 |
| vulnerability |
VCID-ax7h-qsmd-hyc9 |
|
| 6 |
| vulnerability |
VCID-btq8-dzuk-4yfk |
|
| 7 |
| vulnerability |
VCID-bytg-r7hs-gyeg |
|
| 8 |
| vulnerability |
VCID-c2n4-uugz-wfac |
|
| 9 |
| vulnerability |
VCID-gg77-12mg-k7d2 |
|
| 10 |
| vulnerability |
VCID-mzzq-s6gj-k3hw |
|
| 11 |
| vulnerability |
VCID-ndst-6nx1-1qcp |
|
| 12 |
| vulnerability |
VCID-p82j-3rgh-tqgf |
|
| 13 |
| vulnerability |
VCID-q9zx-mkrf-k3bh |
|
| 14 |
| vulnerability |
VCID-snd9-bt5h-6ycw |
|
| 15 |
| vulnerability |
VCID-v9g2-msy2-gbhc |
|
| 16 |
| vulnerability |
VCID-xsp3-9g35-m7b5 |
|
| 17 |
| vulnerability |
VCID-yhxt-1rx2-cbc1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4 |
|
| 1 |
|
|
| aliases |
CVE-2017-14518
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p82j-3rgh-tqgf |
|
| 13 |
| url |
VCID-q9zx-mkrf-k3bh |
| vulnerability_id |
VCID-q9zx-mkrf-k3bh |
| summary |
The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| purl |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1dky-1wb2-huaa |
|
| 1 |
| vulnerability |
VCID-4mt9-s54t-uub2 |
|
| 2 |
| vulnerability |
VCID-6x2t-evww-sbdv |
|
| 3 |
| vulnerability |
VCID-7nuu-hq66-67es |
|
| 4 |
| vulnerability |
VCID-aqh3-9esc-jqg7 |
|
| 5 |
| vulnerability |
VCID-ax7h-qsmd-hyc9 |
|
| 6 |
| vulnerability |
VCID-btq8-dzuk-4yfk |
|
| 7 |
| vulnerability |
VCID-bytg-r7hs-gyeg |
|
| 8 |
| vulnerability |
VCID-c2n4-uugz-wfac |
|
| 9 |
| vulnerability |
VCID-gg77-12mg-k7d2 |
|
| 10 |
| vulnerability |
VCID-mzzq-s6gj-k3hw |
|
| 11 |
| vulnerability |
VCID-ndst-6nx1-1qcp |
|
| 12 |
| vulnerability |
VCID-p82j-3rgh-tqgf |
|
| 13 |
| vulnerability |
VCID-q9zx-mkrf-k3bh |
|
| 14 |
| vulnerability |
VCID-snd9-bt5h-6ycw |
|
| 15 |
| vulnerability |
VCID-v9g2-msy2-gbhc |
|
| 16 |
| vulnerability |
VCID-xsp3-9g35-m7b5 |
|
| 17 |
| vulnerability |
VCID-yhxt-1rx2-cbc1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4 |
|
| 1 |
|
|
| aliases |
CVE-2017-9865
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q9zx-mkrf-k3bh |
|
| 14 |
| url |
VCID-re3v-ymkc-53bt |
| vulnerability_id |
VCID-re3v-ymkc-53bt |
| summary |
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| purl |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1dky-1wb2-huaa |
|
| 1 |
| vulnerability |
VCID-4mt9-s54t-uub2 |
|
| 2 |
| vulnerability |
VCID-6x2t-evww-sbdv |
|
| 3 |
| vulnerability |
VCID-7nuu-hq66-67es |
|
| 4 |
| vulnerability |
VCID-aqh3-9esc-jqg7 |
|
| 5 |
| vulnerability |
VCID-ax7h-qsmd-hyc9 |
|
| 6 |
| vulnerability |
VCID-btq8-dzuk-4yfk |
|
| 7 |
| vulnerability |
VCID-bytg-r7hs-gyeg |
|
| 8 |
| vulnerability |
VCID-c2n4-uugz-wfac |
|
| 9 |
| vulnerability |
VCID-gg77-12mg-k7d2 |
|
| 10 |
| vulnerability |
VCID-mzzq-s6gj-k3hw |
|
| 11 |
| vulnerability |
VCID-ndst-6nx1-1qcp |
|
| 12 |
| vulnerability |
VCID-p82j-3rgh-tqgf |
|
| 13 |
| vulnerability |
VCID-q9zx-mkrf-k3bh |
|
| 14 |
| vulnerability |
VCID-snd9-bt5h-6ycw |
|
| 15 |
| vulnerability |
VCID-v9g2-msy2-gbhc |
|
| 16 |
| vulnerability |
VCID-xsp3-9g35-m7b5 |
|
| 17 |
| vulnerability |
VCID-yhxt-1rx2-cbc1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4 |
|
|
| aliases |
CVE-2015-8868
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-re3v-ymkc-53bt |
|
| 15 |
| url |
VCID-snd9-bt5h-6ycw |
| vulnerability_id |
VCID-snd9-bt5h-6ycw |
| summary |
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| purl |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1dky-1wb2-huaa |
|
| 1 |
| vulnerability |
VCID-4mt9-s54t-uub2 |
|
| 2 |
| vulnerability |
VCID-6x2t-evww-sbdv |
|
| 3 |
| vulnerability |
VCID-7nuu-hq66-67es |
|
| 4 |
| vulnerability |
VCID-aqh3-9esc-jqg7 |
|
| 5 |
| vulnerability |
VCID-ax7h-qsmd-hyc9 |
|
| 6 |
| vulnerability |
VCID-btq8-dzuk-4yfk |
|
| 7 |
| vulnerability |
VCID-bytg-r7hs-gyeg |
|
| 8 |
| vulnerability |
VCID-c2n4-uugz-wfac |
|
| 9 |
| vulnerability |
VCID-gg77-12mg-k7d2 |
|
| 10 |
| vulnerability |
VCID-mzzq-s6gj-k3hw |
|
| 11 |
| vulnerability |
VCID-ndst-6nx1-1qcp |
|
| 12 |
| vulnerability |
VCID-p82j-3rgh-tqgf |
|
| 13 |
| vulnerability |
VCID-q9zx-mkrf-k3bh |
|
| 14 |
| vulnerability |
VCID-snd9-bt5h-6ycw |
|
| 15 |
| vulnerability |
VCID-v9g2-msy2-gbhc |
|
| 16 |
| vulnerability |
VCID-xsp3-9g35-m7b5 |
|
| 17 |
| vulnerability |
VCID-yhxt-1rx2-cbc1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4 |
|
| 1 |
|
|
| aliases |
CVE-2017-15565
|
| risk_score |
1.5 |
| exploitability |
0.5 |
| weighted_severity |
3.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-snd9-bt5h-6ycw |
|
| 16 |
| url |
VCID-v9g2-msy2-gbhc |
| vulnerability_id |
VCID-v9g2-msy2-gbhc |
| summary |
In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| purl |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1dky-1wb2-huaa |
|
| 1 |
| vulnerability |
VCID-4mt9-s54t-uub2 |
|
| 2 |
| vulnerability |
VCID-6x2t-evww-sbdv |
|
| 3 |
| vulnerability |
VCID-7nuu-hq66-67es |
|
| 4 |
| vulnerability |
VCID-aqh3-9esc-jqg7 |
|
| 5 |
| vulnerability |
VCID-ax7h-qsmd-hyc9 |
|
| 6 |
| vulnerability |
VCID-btq8-dzuk-4yfk |
|
| 7 |
| vulnerability |
VCID-bytg-r7hs-gyeg |
|
| 8 |
| vulnerability |
VCID-c2n4-uugz-wfac |
|
| 9 |
| vulnerability |
VCID-gg77-12mg-k7d2 |
|
| 10 |
| vulnerability |
VCID-mzzq-s6gj-k3hw |
|
| 11 |
| vulnerability |
VCID-ndst-6nx1-1qcp |
|
| 12 |
| vulnerability |
VCID-p82j-3rgh-tqgf |
|
| 13 |
| vulnerability |
VCID-q9zx-mkrf-k3bh |
|
| 14 |
| vulnerability |
VCID-snd9-bt5h-6ycw |
|
| 15 |
| vulnerability |
VCID-v9g2-msy2-gbhc |
|
| 16 |
| vulnerability |
VCID-xsp3-9g35-m7b5 |
|
| 17 |
| vulnerability |
VCID-yhxt-1rx2-cbc1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4 |
|
| 1 |
|
|
| aliases |
CVE-2017-9406
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v9g2-msy2-gbhc |
|
| 17 |
| url |
VCID-xsp3-9g35-m7b5 |
| vulnerability_id |
VCID-xsp3-9g35-m7b5 |
| summary |
A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2019-12360
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xsp3-9g35-m7b5 |
|
| 18 |
| url |
VCID-yhxt-1rx2-cbc1 |
| vulnerability_id |
VCID-yhxt-1rx2-cbc1 |
| summary |
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| purl |
pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1dky-1wb2-huaa |
|
| 1 |
| vulnerability |
VCID-4mt9-s54t-uub2 |
|
| 2 |
| vulnerability |
VCID-6x2t-evww-sbdv |
|
| 3 |
| vulnerability |
VCID-7nuu-hq66-67es |
|
| 4 |
| vulnerability |
VCID-aqh3-9esc-jqg7 |
|
| 5 |
| vulnerability |
VCID-ax7h-qsmd-hyc9 |
|
| 6 |
| vulnerability |
VCID-btq8-dzuk-4yfk |
|
| 7 |
| vulnerability |
VCID-bytg-r7hs-gyeg |
|
| 8 |
| vulnerability |
VCID-c2n4-uugz-wfac |
|
| 9 |
| vulnerability |
VCID-gg77-12mg-k7d2 |
|
| 10 |
| vulnerability |
VCID-mzzq-s6gj-k3hw |
|
| 11 |
| vulnerability |
VCID-ndst-6nx1-1qcp |
|
| 12 |
| vulnerability |
VCID-p82j-3rgh-tqgf |
|
| 13 |
| vulnerability |
VCID-q9zx-mkrf-k3bh |
|
| 14 |
| vulnerability |
VCID-snd9-bt5h-6ycw |
|
| 15 |
| vulnerability |
VCID-v9g2-msy2-gbhc |
|
| 16 |
| vulnerability |
VCID-xsp3-9g35-m7b5 |
|
| 17 |
| vulnerability |
VCID-yhxt-1rx2-cbc1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4 |
|
| 1 |
|
|
| aliases |
CVE-2017-1000456
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yhxt-1rx2-cbc1 |
|