CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32365
https://notcve.org/view.php?id=CVE-2025-32365
05 Apr 2025 — Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check. • https://gitlab.freedesktop.org/poppler/poppler/-/issues/1577 • CWE-125: Out-of-bounds Read •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32364 – Ubuntu Security Notice USN-7426-1
https://notcve.org/view.php?id=CVE-2025-32364
05 Apr 2025 — A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN. USN-7426-1 fixed several vulnerabilities in poppler. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that poppler incorrectly handled memory when opening certain PDF files. An attacker could possibly use this issue to cause poppler to crash, resulting in a denial of service. • https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-6239 – Poppler: pdfinfo: crash in broken documents when using -dests parameter
https://notcve.org/view.php?id=CVE-2024-6239
21 Jun 2024 — A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. Se encontró una falla en la utilidad Pdfinfo de Poppler. Este problema ocurre cuando se usa el parámetro -dests con la utilidad pdfinfo. • https://access.redhat.com/security/cve/CVE-2024-6239 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34872 – Ubuntu Security Notice USN-6273-1
https://notcve.org/view.php?id=CVE-2023-34872
31 Jul 2023 — A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. Jieyong Ma discovered that poppler incorrectly handled certain malformed PDF files. A remote attacker could possibly use this issue to cause poppler to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that poppler incorrectly handled certain malformed PDF files. • https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-38784 – poppler: integer overflow in JBIG2 decoder using malformed files
https://notcve.org/view.php?id=CVE-2022-38784
30 Aug 2022 — Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. Poppler versiones anteriores a 22.08.0 incluyéndola, contiene un desbordamiento de enteros en el descodificador JBIG2 (la función JBIG2Stream::readTextRegionSeg() en el archivo JBIGSt... • http://www.openwall.com/lists/oss-security/2022/09/02/11 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38171 – Gentoo Linux Security Advisory 202405-18
https://notcve.org/view.php?id=CVE-2022-38171
22 Aug 2022 — Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics). Xpdf versiones anteriores a 4.04, contiene un desbordamiento de enteros en el decodificador JBIG2 (la función JBIG2Stream::readSymbolDictSeg() en el archivo JBIG2Stream.cc). El proc... • http://www.openwall.com/lists/oss-security/2022/09/02/11 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 64%CPEs: 15EXPL: 2CVE-2021-30860 – Apple Multiple Products Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-30860
24 Aug 2021 — An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se ha solucionado un desbordamiento de enteros con una validación de entrada mejorada. • https://github.com/jeffssh/CVE-2021-30860 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-27778 – poppler: pdftohtml: access to uninitialized pointer could lead to DoS
https://notcve.org/view.php?id=CVE-2020-27778
26 Nov 2020 — A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service. Se encontró un fallo en Poppler en la manera en que determinados archivos PDF se convertían a HTML. Un atacante remoto podría explotar este fallo proporcionando un archivo PDF malicioso que, cuando se procesaba por el programa "pdftohtml", bloquea... • https://bugzilla.redhat.com/show_bug.cgi?id=1900712 • CWE-824: Access of Uninitialized Pointer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-21009 – poppler: integer overflow in Parser::makeStream in Parser.cc
https://notcve.org/view.php?id=CVE-2018-21009
05 Sep 2019 — Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. Poppler anterior de la versión 0.66.0 tiene un desbordamiento de enteros en Parser :: makeStream en Parser.cc. Poppler is a Portable Document Format rendering library, used by applications such as Evince. The evince packages provide a simple multi-page document viewer for Portable Document Format, PostScript, Encapsulated PostScript files, and, with additional back-ends, also the Device Independent File format files. Issues ad... • https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2019-14494 – poppler: divide-by-zero in function SplashOutputDev::tilingPatternFill in SplashOutputDev.cc
https://notcve.org/view.php?id=CVE-2019-14494
01 Aug 2019 — An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. Se detectó un problema en Poppler hasta versión 0.78.0. Se presenta un error de división por cero en la función SplashOutputDev::tilingPatternFill en el archivo SplashOutputDev.cc. A divide-by-zero error was found in the way Poppler handled certain PDF files. • https://gitlab.freedesktop.org/poppler/poppler/issues/802 • CWE-369: Divide By Zero •