CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2019-9959 – poppler: integer overflow in JPXStream::init function leading to memory consumption
https://notcve.org/view.php?id=CVE-2019-9959
22 Jul 2019 — The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. La función JPXStream::init en Poppler versión 0.78.0 y anteriores, no comprueba los valores negativos de la longitud de la transmisión, lo que conlleva a un Desbordamiento de Enteros, y por lo tanto hace posible asignar una gr... • http://www.securityfocus.com/bid/109342 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12293 – poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc
https://notcve.org/view.php?id=CVE-2019-12293
23 May 2019 — In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. En Poppler hasta la versión 0.76.1, existe una lectura en exceso del búfer por saturación en JPXStream :: init en JPEG2000Stream.cc por medio de datos con alturas o anchos inconsistentes. Poppler is a Portable Document Format rendering library, used by applications such as Evince. The evince packages provide a simple multi-page document viewer for Portable D... • http://www.securityfocus.com/bid/108457 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-19149 – poppler: NULL pointer dereference in _poppler_attachment_new
https://notcve.org/view.php?id=CVE-2018-19149
10 Nov 2018 — Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. Poppler en versiones anteriores a 0.70.0 tiene una desreferencia de puntero NULL en _poppler_attachment_new cuando se llama desde poppler_annot_fichero_attachment_attachment_get_attachment. It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. It was discovered that poppler incorr... • http://www.securityfocus.com/bid/106031 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 1CVE-2018-13988 – poppler: out of bounds read in pdfunite
https://notcve.org/view.php?id=CVE-2018-13988
22 Jul 2018 — Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file. Poppler hasta la versión 0.62 contiene una vulnerabilidad de lectura fuera de límites debido a un acceso incorrecto a la memoria que no se mapea en su espacio de memoria, tal y como queda demostrado con pdfuni... • https://packetstorm.news/files/id/148661 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2017-18267 – poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service
https://notcve.org/view.php?id=CVE-2017-18267
10 May 2018 — The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. La función FoFiType1C::cvtGlyph en fofi/FoFiType1C.cc en Poppler 0.64.0 permite que atacantes remotos provoquen una denegación de servicio (recursión infinita) mediante un archivo PDF manipulado, tal y como demuestra pdftops. It was discovered that poppler incorrectly handled certain PDF files. An attac... • https://access.redhat.com/errata/RHBA-2019:0327 • CWE-674: Uncontrolled Recursion CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2017-2814
https://notcve.org/view.php?id=CVE-2017-2814
12 Jul 2017 — An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability. Se presenta una vulnerabilidad de desbordamiento de pila explotable en la funcionalidad de renderizado de imágenes de Poppler versión 0.53.0. Un pdf específicamente creado pu... • http://www.securityfocus.com/bid/99497 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2818
https://notcve.org/view.php?id=CVE-2017-2818
12 Jul 2017 — An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability. Se presenta una vulnerabilidad de desbordamiento de pila explotable en la funcionalidad de renderizado de imágenes de Poppler versión 0.53.0. Un PDF específicamente creado puede causar un número ex... • http://www.securityfocus.com/bid/99497 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2017-2820 – Ubuntu Security Notice USN-3350-1
https://notcve.org/view.php?id=CVE-2017-2820
07 Jul 2017 — An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library. Se presenta una vulnerabilidad de desbordamiento de enteros explotable en la funcionalidad de análisis de imágen... • http://www.securityfocus.com/bid/99497 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2017-9776 – poppler: Integer overflow in JBIG2Stream.cc
https://notcve.org/view.php?id=CVE-2017-9776
22 Jun 2017 — Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. Un desbordamiento de enteros que conduce a un desbordamiento de búfer basado en memoria dinámica (heap) en JBIG2Stream.cc en pdftocairo en Poppler en versiones anteriores a la 0.56 permite que atacantes remotos provoquen una denegación de servicio (cierre inesperad... • http://www.securityfocus.com/bid/99240 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2017-9775 – poppler: Stack-buffer overflow in GfxState.cc
https://notcve.org/view.php?id=CVE-2017-9775
22 Jun 2017 — Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. Un desbordamiento de búfer basado en pila en JBIG2Stream.cc en pdftocairo en Poppler en versiones anteriores a la 0.56 permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) mediante un documento PDF modificado. A stack-based buffer overflow was found in the poppler library. An attacker ... • http://www.securityfocus.com/bid/99241 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •