CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 2CVE-2019-11026
https://notcve.org/view.php?id=CVE-2019-11026
08 Apr 2019 — FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc. FontInfoScanner::scanFonts en FontInfo.cc en Poppler 0.75.0 tiene una recursión infinita, que lleva a una llamada a la función de error en Error.cc. • https://gitlab.freedesktop.org/poppler/poppler/issues/752 • CWE-674: Uncontrolled Recursion •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-10873 – Ubuntu Security Notice USN-4042-1
https://notcve.org/view.php?id=CVE-2019-10873
05 Apr 2019 — An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc. Se ha descubierto un problema en Poppler 0.74.0. Hay un problema de desreferencia de puntero NULL en la función SplashClip::clipAALine en splash/SplashClip.cc. It was discovered that poppler incorrectly handled certain files. • http://www.securityfocus.com/bid/107862 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-10872
https://notcve.org/view.php?id=CVE-2019-10872
05 Apr 2019 — An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. Se ha descubierto un problema en Poppler 0.74.0. Hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función Splash::blitTransparent en splash/Splash.cc. • http://www.securityfocus.com/bid/107862 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-10871 – poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc
https://notcve.org/view.php?id=CVE-2019-10871
05 Apr 2019 — An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. Se ha descubierto un problema en Poppler 0.74.0. Hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función PSOutputDev::checkPageSlice en PSOutputDev.cc. Poppler is a Portable Document Format rendering library, used by applications such as Evince. • http://www.securityfocus.com/bid/107862 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 2CVE-2019-9903 – poppler: stack consumption in function Dict::find() in Dict.cc
https://notcve.org/view.php?id=CVE-2019-9903
21 Mar 2019 — PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. PDFDoc::markObject en PDFDoc.cc en Poppler 0.74.0 gestiona de manera incorrecta el marcado de diccionarios, que conduce al consumo de pila en la función Dict::find() en Dict.cc, que puede (por ejemplo) desencadenarse pasando un archivo pdf manipulado al binario pdfuni... • http://www.securityfocus.com/bid/107560 • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 0CVE-2019-9631 – poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc
https://notcve.org/view.php?id=CVE-2019-9631
08 Mar 2019 — Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. Poppler en su versión 0.74.0, tiene una sobrelectura de búfer basada en memoria dinámica (heap) en la función CairoRescaleBox.cc downsample_row_box_filter. Poppler is a Portable Document Format rendering library, used by applications such as Evince or Okular. Issues addressed include buffer overflow and null pointer vulnerabilities. • https://access.redhat.com/errata/RHSA-2019:2022 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9543
https://notcve.org/view.php?id=CVE-2019-9543
01 Mar 2019 — An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit. Se ha descubierto un problema en Poppler 0.74.0. • http://www.securityfocus.com/bid/107238 • CWE-674: Uncontrolled Recursion •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-9545
https://notcve.org/view.php?id=CVE-2019-9545
01 Mar 2019 — An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero. Se ha descubierto un problema en Poppler 0.74.0. • https://gitlab.freedesktop.org/poppler/poppler/issues/731 • CWE-674: Uncontrolled Recursion •
CVSS: 8.8EPSS: 3%CPEs: 6EXPL: 2CVE-2019-9200 – poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc
https://notcve.org/view.php?id=CVE-2019-9200
26 Feb 2019 — A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. Existe un "infraescritura" de búfer basado en memoria dinámica (heap) en mageStream::getLine() en Stream.cc en la versión 0.74.0 de Poppler que puede, por ejemplo, desencadenarse mediante el envío de un ar... • http://www.securityfocus.com/bid/107172 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 1CVE-2019-7310 – poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc
https://notcve.org/view.php?id=CVE-2019-7310
03 Feb 2019 — In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. En la versión 0.73.0 de Poppler, una sobrelectura de búfer (debido a un error en la propiedad signedness de un número entero en la función XRef::getEntry function en XRef.cc) basada en memoria dinámica (heap) p... • http://www.securityfocus.com/bid/106829 • CWE-125: Out-of-bounds Read CWE-681: Incorrect Conversion between Numeric Types •