CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36024 – poppler: NULL pointer dereference in `FoFiType1C::convertToType1`
https://notcve.org/view.php?id=CVE-2020-36024
11 Aug 2023 — An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. A flaw was found in the Poppler package. This flaw allows attackers to possibly cause a denial of service via a crafted .pdf file to the FoFiType1C::convertToType1 function. An update for poppler is now available for Red Hat Enterprise Linux 8. Issues addressed include a null pointer vulnerability. • https://gitlab.freedesktop.org/poppler/poppler/-/issues/1016 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34872 – Ubuntu Security Notice USN-6273-1
https://notcve.org/view.php?id=CVE-2023-34872
31 Jul 2023 — A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. Jieyong Ma discovered that poppler incorrectly handled certain malformed PDF files. A remote attacker could possibly use this issue to cause poppler to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that poppler incorrectly handled certain malformed PDF files. • https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-38784 – poppler: integer overflow in JBIG2 decoder using malformed files
https://notcve.org/view.php?id=CVE-2022-38784
30 Aug 2022 — Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. Poppler versiones anteriores a 22.08.0 incluyéndola, contiene un desbordamiento de enteros en el descodificador JBIG2 (la función JBIG2Stream::readTextRegionSeg() en el archivo JBIGSt... • http://www.openwall.com/lists/oss-security/2022/09/02/11 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38171 – Gentoo Linux Security Advisory 202405-18
https://notcve.org/view.php?id=CVE-2022-38171
22 Aug 2022 — Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics). Xpdf versiones anteriores a 4.04, contiene un desbordamiento de enteros en el decodificador JBIG2 (la función JBIG2Stream::readSymbolDictSeg() en el archivo JBIG2Stream.cc). El proc... • http://www.openwall.com/lists/oss-security/2022/09/02/11 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 2CVE-2022-27337 – poppler: A logic error in the Hints::Hints function can cause denial of service
https://notcve.org/view.php?id=CVE-2022-27337
05 May 2022 — A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. Un error lógico en la función Hints::Hints de Poppler versión v22.03.0, permite a atacantes causar una denegación de servicio (DoS) por medio de un archivo PDF diseñado A logic error was found in Popplers' Hints::Hints function in the Hints.cc file. This flaw allows an attacker to trick a user into opening a crafted PDf file into the pdftops utility, which causes the pro... • https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230 • CWE-1173: Improper Use of Validation Framework •
CVSS: 7.8EPSS: 64%CPEs: 15EXPL: 2CVE-2021-30860 – Apple Multiple Products Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-30860
24 Aug 2021 — An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se ha solucionado un desbordamiento de enteros con una validación de entrada mejorada. • https://github.com/jeffssh/CVE-2021-30860 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-35702
https://notcve.org/view.php?id=CVE-2020-35702
25 Dec 2020 — DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects ** EN DISPUTA ** L... • https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-27778 – poppler: pdftohtml: access to uninitialized pointer could lead to DoS
https://notcve.org/view.php?id=CVE-2020-27778
26 Nov 2020 — A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service. Se encontró un fallo en Poppler en la manera en que determinados archivos PDF se convertían a HTML. Un atacante remoto podría explotar este fallo proporcionando un archivo PDF malicioso que, cuando se procesaba por el programa "pdftohtml", bloquea... • https://bugzilla.redhat.com/show_bug.cgi?id=1900712 • CWE-824: Access of Uninitialized Pointer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-21009 – poppler: integer overflow in Parser::makeStream in Parser.cc
https://notcve.org/view.php?id=CVE-2018-21009
05 Sep 2019 — Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. Poppler anterior de la versión 0.66.0 tiene un desbordamiento de enteros en Parser :: makeStream en Parser.cc. Poppler is a Portable Document Format rendering library, used by applications such as Evince. The evince packages provide a simple multi-page document viewer for Portable Document Format, PostScript, Encapsulated PostScript files, and, with additional back-ends, also the Device Independent File format files. Issues ad... • https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2019-14494 – poppler: divide-by-zero in function SplashOutputDev::tilingPatternFill in SplashOutputDev.cc
https://notcve.org/view.php?id=CVE-2019-14494
01 Aug 2019 — An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. Se detectó un problema en Poppler hasta versión 0.78.0. Se presenta un error de división por cero en la función SplashOutputDev::tilingPatternFill en el archivo SplashOutputDev.cc. A divide-by-zero error was found in the way Poppler handled certain PDF files. • https://gitlab.freedesktop.org/poppler/poppler/issues/802 • CWE-369: Divide By Zero •