CVSS: 5.5EPSS: 0%CPEs: 79EXPL: 0CVE-2017-7511 – Ubuntu Security Notice USN-3350-1
https://notcve.org/view.php?id=CVE-2017-7511
30 May 2017 — poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents. poppler desde versión 0.17.3, ha sido vulnerable a una desreferencia del puntero NULL en pdfunite desencadenada por documentos especialmente diseñados. Aleksandar Nikolic discovered that poppler incorrectly handled JPEG 2000 images. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrar... • https://cgit.freedesktop.org/poppler/poppler/commit/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4472
https://notcve.org/view.php?id=CVE-2013-4472
22 Apr 2014 — The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. La función openTempFile en goo/gfile.cc en Xpdf y Poppler 0.24.3 y anteriores, cuando funciona en un sistema diferente a Unix, permite a usuarios locales sobrescribir archivos arbitrarios a través de un ataque symlink sobre archivos temporales con nombres previsibles. • http://osvdb.org/99064 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 2%CPEs: 84EXPL: 0CVE-2013-7296 – Gentoo Linux Security Advisory 201401-21
https://notcve.org/view.php?id=CVE-2013-7296
22 Jan 2014 — The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file. El método JBIG2Stream :: readSegments en JBIG2Stream.cc en Poppler antes de 0.24.5 no utiliza el especificador correcto dentro de una cadena de formato, que permite a atacantes dependientes de contexto provocar una denegación de servici... • http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee39370283c494ee2e4e392fd3b684 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 31%CPEs: 123EXPL: 1CVE-2013-4474 – Poppler 0.14.3 - '/utils/pdfseparate.cc' Local Format String
https://notcve.org/view.php?id=CVE-2013-4474
21 Nov 2013 — Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename. Vulnerabilidad de formato de cadena en la función extractPages en utils/pdfseparate.cc de Poppler anterior a la versión 024.2 permite a atacantes remotos provocar una denegación de servicio (caída) a través de especificadores de cadena en un nombre de archivo de destino. Poppler is found ... • https://www.exploit-db.com/exploits/38817 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 123EXPL: 3CVE-2013-4473 – Mandriva Linux Security Advisory 2013-272
https://notcve.org/view.php?id=CVE-2013-4473
21 Nov 2013 — Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename. Desbordamiento de búfer basado en pila en la función extractPages de utils/pdfseparate.cc en Poppler anterior a la versión 0.24.2 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un nombre de archivo fuente. P... • http://bugs.debian.org/723124 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2012-2142 – Slackware Security Advisory - xpdf Updates
https://notcve.org/view.php?id=CVE-2012-2142
23 Aug 2013 — The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. La función error en el archivo Error.cc en poppler versiones anteriores a 0.21.4, permite a atacantes remotos ejecutar comandos arbitrarios por medio de un PDF que contiene una secuencia de escape para un emulador terminal. New xpdf packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security... • http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40 •
CVSS: 8.8EPSS: 5%CPEs: 1EXPL: 5CVE-2013-1788 – Gentoo Linux Security Advisory 201310-03
https://notcve.org/view.php?id=CVE-2013-1788
09 Apr 2013 — poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc. poppler anterior a v0.22.1 permite a atacantes dependientes de contexto provocar una denegación de servicio (caída) y, posiblemente, ejecutar código de su elección a través de vectores que disparan un "acceso de memoria invalida" en (1) splash/Splash.cc... • http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=0388837f01bc467045164f9ddaff787000a8caaa • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 2CVE-2013-1789 – Gentoo Linux Security Advisory 201310-03
https://notcve.org/view.php?id=CVE-2013-1789
09 Apr 2013 — splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions. splash/Splash.cc en poppler anterior a v0.22.1 permite a atacantes dependientes de contexto provocar una denegación de servicio (referencia NULL y caída de la aplicación) a través de vectores relacionados con las funciones (1) Splash::arbitrar... • http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2013-1790 – Gentoo Linux Security Advisory 201310-03
https://notcve.org/view.php?id=CVE-2013-1790
09 Apr 2013 — poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function. poppler/Stream.cc en poppler anterior a 0.22.1 permite a atacantes dependientes de contexto tener un impacto no especificado a través de vectores que provocan una lectura de memoria no inicializada por la función CCITTFaxStream::lookChar Multiple vulnerabilities have been found in Poppler, some of which m... • http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=b1026b5978c385328f2a15a2185c599a563edf91 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •