| purl | pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-13qc-nqyc-f7d2 (Aliases: CVE-2022-38784) | Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. | Affected by 12 other vulnerabilities. |
| VCID-179b-vp7u-zbcs (Aliases: CVE-2017-14517) | | Affected by 24 other vulnerabilities. |
| VCID-18pq-xbzu-tygw (Aliases: CVE-2017-7511) | | Affected by 24 other vulnerabilities. |
| VCID-1w5c-axe5-mbb5 (Aliases: CVE-2020-36023) | An issue was discovered in freedesktop poppler version 20.12.1 that allows remote attackers to cause a denial of service (DoS) via a crafted .pdf file to the FoFiType1C::cvtGlyph function. | Affected by 3 other vulnerabilities. |
| VCID-2fvn-pw8k-v7br (Aliases: CVE-2017-14617) | | Affected by 24 other vulnerabilities. |
| VCID-2n6e-ae17-wqdw (Aliases: CVE-2019-7310) | In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. | Affected by 24 other vulnerabilities. |
| VCID-2sp9-xau1-zycq (Aliases: CVE-2017-14976) | | Affected by 24 other vulnerabilities. |
| VCID-34dn-mxpn-k3bk (Aliases: CVE-2017-14926) | | Affected by 24 other vulnerabilities. |
| VCID-57nt-94hp-duee (Aliases: CVE-2017-9406) | | Affected by 24 other vulnerabilities. |
| VCID-5j7m-cczq-yuev (Aliases: CVE-2022-37051) | An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file. | Affected by 3 other vulnerabilities. |
| VCID-6qqv-62qd-vkf4 (Aliases: CVE-2019-10873) | An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc. | Affected by 24 other vulnerabilities. |
| VCID-6t3h-uqmp-8qcx (Aliases: CVE-2017-9865) | | Affected by 24 other vulnerabilities. |
| VCID-7ugc-azkz-mfhf (Aliases: CVE-2017-9408) | | Affected by 24 other vulnerabilities. |
| VCID-8nzr-2wrc-yuan (Aliases: CVE-2019-10872) | An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. | Affected by 24 other vulnerabilities. |
| VCID-8x86-nhbd-gufh (Aliases: CVE-2018-18897) | An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. | Affected by 12 other vulnerabilities. |
| VCID-92s6-szxa-1qds (Aliases: CVE-2019-14494) | An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. | Affected by 12 other vulnerabilities. |
| VCID-adaa-szp3-r3hp (Aliases: CVE-2017-1000456) | freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. | Affected by 24 other vulnerabilities. |
| VCID-anev-mcay-1ubs (Aliases: CVE-2017-14977) | | Affected by 24 other vulnerabilities. |
| VCID-aqc4-jbue-fkff (Aliases: CVE-2019-9959) | The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. | Affected by 12 other vulnerabilities. |
| VCID-bh11-g94j-mfc4 (Aliases: CVE-2022-37052) | A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject. | Affected by 3 other vulnerabilities. |
| VCID-bnaf-j7pc-5yag (Aliases: CVE-2019-10018) | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. | Affected by 24 other vulnerabilities. |
| VCID-by7a-pfgd-kyfu (Aliases: CVE-2017-14928) | | Affected by 24 other vulnerabilities. |
| VCID-cbf7-n67s-fua3 (Aliases: CVE-2018-19149) | Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. | Affected by 24 other vulnerabilities. |
| VCID-cm94-phf6-nbfq (Aliases: CVE-2017-18267) | The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. | Affected by 24 other vulnerabilities. |
| VCID-d43d-scyj-9bh6 (Aliases: CVE-2018-16646) | In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. | Affected by 24 other vulnerabilities. |
| VCID-dzff-t65q-vuee (Aliases: CVE-2019-10871) | An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. | Affected by 12 other vulnerabilities. |
| VCID-e7cb-gaxa-tkey (Aliases: CVE-2019-9200) | A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | Affected by 24 other vulnerabilities. |
| VCID-eqbz-ekbm-zfab (Aliases: CVE-2018-20650) | A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. | Affected by 12 other vulnerabilities. |
| VCID-f73u-uzgx-v3fw (Aliases: CVE-2018-19060) | An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, which will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path. | Affected by 12 other vulnerabilities. |
| VCID-ft16-rjr8-hqdx (Aliases: CVE-2018-19059) | An issue was discovered in Poppler 0.71.0. There is an out-of-bounds read in EmbFile::save2 in FileSpec.cc, which will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts. | Affected by 12 other vulnerabilities. |
| VCID-j82p-qpxc-dbfs (Aliases: CVE-2022-27337) | A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | Affected by 12 other vulnerabilities. |
| VCID-jeeh-gy97-1bcs (Aliases: CVE-2017-14519) | | Affected by 24 other vulnerabilities. |
| VCID-kent-nqge-q7af (Aliases: CVE-2017-15565) | | Affected by 24 other vulnerabilities. |
| VCID-mdmd-azwm-vbbz (Aliases: CVE-2017-14975) | | Affected by 24 other vulnerabilities. |
| VCID-mw2f-2u1d-pbep (Aliases: CVE-2020-27778) | A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service. | Affected by 12 other vulnerabilities. |
| VCID-n7rt-f5sd-f7h6 (Aliases: CVE-2020-23804) | Uncontrolled Recursion in pdfinfo and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. | Affected by 12 other vulnerabilities. |
| VCID-nnmf-u7fh-t3hu (Aliases: CVE-2018-20662) | In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. | Affected by 24 other vulnerabilities. |
| VCID-p8zt-gbzd-yyf8 (Aliases: CVE-2022-38349) | An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, which will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. | Affected by 3 other vulnerabilities. |
| VCID-pjcg-14ye-xugt (Aliases: CVE-2020-18839) | Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service. | Affected by 12 other vulnerabilities. |
| VCID-q7wd-6hgf-1yea (Aliases: CVE-2018-13988) | Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file. | Affected by 24 other vulnerabilities. |
| VCID-qp15-b5wq-2ueu (Aliases: CVE-2017-14927) | poppler: NULL pointer dereference in the SplashOutputDev::type3D0() function | Affected by 24 other vulnerabilities. |
| VCID-r8b4-sfyn-fydn (Aliases: CVE-2018-19058) | An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, which will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file. | Affected by 12 other vulnerabilities. |
| VCID-rp5j-j2w6-9yam (Aliases: CVE-2019-12293) | In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. | Affected by 24 other vulnerabilities. |
| VCID-s4t1-hge6-6bdr (Aliases: CVE-2017-14518) | | Affected by 24 other vulnerabilities. |
| VCID-sam6-g21p-27ct (Aliases: CVE-2020-36024) | An issue was discovered in freedesktop poppler version 20.12.1 that allows remote attackers to cause a denial of service (DoS) via a crafted .pdf file to the FoFiType1C::convertToType1 function. | Affected by 3 other vulnerabilities. |
| VCID-sb5j-qhug-k7bk (Aliases: CVE-2019-11026) | poppler: infinite recursion in function FontInfoScanner::scanFonts in FontInfo.cc | Affected by 12 other vulnerabilities. |
| VCID-sd6h-f97f-t3af (Aliases: CVE-2025-32365) | Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check. | Affected by 3 other vulnerabilities. |
| VCID-ss2a-k66r-tyh1 (Aliases: CVE-2017-14520) | | Affected by 24 other vulnerabilities. |
| VCID-su2r-ant2-bqcg (Aliases: CVE-2017-9775) | | Affected by 24 other vulnerabilities. |
| VCID-t63s-9tx3-hbc9 (Aliases: CVE-2018-20481) | XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. | Affected by 24 other vulnerabilities. |
| VCID-temj-asx6-hygj (Aliases: CVE-2018-21009) | Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. | Affected by 24 other vulnerabilities. |
| VCID-u6b7-hsbd-uyfv (Aliases: CVE-2019-9903) | PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. | Affected by 12 other vulnerabilities. |
| VCID-w1t7-xbb5-3qh1 (Aliases: CVE-2024-56378) | libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc. | Affected by 3 other vulnerabilities. |
| VCID-wwmb-6z7y-h7et (Aliases: CVE-2019-9631) | Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. | Affected by 24 other vulnerabilities. |
| VCID-wxqy-xnjs-nkd1 (Aliases: CVE-2025-32364) | A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN. | Affected by 3 other vulnerabilities. |
| VCID-x1t9-9wpj-dug4 (Aliases: CVE-2017-7515) | | Affected by 24 other vulnerabilities. |
| VCID-x7vn-qyuv-qber (Aliases: CVE-2017-14929) | | Affected by 24 other vulnerabilities. |
| VCID-yyv8-kt7v-9ubm (Aliases: CVE-2017-9776) | | Affected by 24 other vulnerabilities. |
| VCID-yzxk-8kas-tbgp (Aliases: CVE-2022-37050) | In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.cc allows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662. | Affected by 3 other vulnerabilities. |
| VCID-z1ku-3ees-4qc2 (Aliases: CVE-2018-20551) | A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.cc. | Affected by 24 other vulnerabilities. |


| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-179b-vp7u-zbcs | | CVE-2017-14517 |
| VCID-2sp9-xau1-zycq | | CVE-2017-14976 |
| VCID-57nt-94hp-duee | | CVE-2017-9406 |
| VCID-6t3h-uqmp-8qcx | | CVE-2017-9865 |
| VCID-7ugc-azkz-mfhf | | CVE-2017-9408 |
| VCID-9g9d-gmnn-13du | There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected. | CVE-2018-10768 |
| VCID-adaa-szp3-r3hp | freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. | CVE-2017-1000456 |
| VCID-anev-mcay-1ubs | | CVE-2017-14977 |
| VCID-jeeh-gy97-1bcs | | CVE-2017-14519 |
| VCID-kent-nqge-q7af | | CVE-2017-15565 |
| VCID-mdmd-azwm-vbbz | | CVE-2017-14975 |
| VCID-qvns-5e66-xubu | xpdf: buffer over-read via crafted PDF document leads to DoS or memory leak | CVE-2019-12360 |
| VCID-s4t1-hge6-6bdr | | CVE-2017-14518 |
| VCID-ss2a-k66r-tyh1 | | CVE-2017-14520 |
| VCID-su2r-ant2-bqcg | | CVE-2017-9775 |
| VCID-yyv8-kt7v-9ubm | | CVE-2017-9776 |
| VCID-yzyy-k155-cbd2 | | CVE-2015-8868 |
| VCID-z1c9-gb13-q7hv | A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data. | CVE-2019-12493 |