CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14520 – Debian Security Advisory 4079-1
https://notcve.org/view.php?id=CVE-2017-14520
17 Sep 2017 — In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files. En Poppler 0.59.0, ocurre una excepción de punto flotante en Splash::scaleImageYuXd() en Splash.cc, lo que puede permitir que se produzca un ataque cuando se manejan archivos PDF maliciosos. Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code ... • https://bugs.freedesktop.org/show_bug.cgi?id=102719 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2017-2814
https://notcve.org/view.php?id=CVE-2017-2814
12 Jul 2017 — An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability. Se presenta una vulnerabilidad de desbordamiento de pila explotable en la funcionalidad de renderizado de imágenes de Poppler versión 0.53.0. Un pdf específicamente creado pu... • http://www.securityfocus.com/bid/99497 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2818
https://notcve.org/view.php?id=CVE-2017-2818
12 Jul 2017 — An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability. Se presenta una vulnerabilidad de desbordamiento de pila explotable en la funcionalidad de renderizado de imágenes de Poppler versión 0.53.0. Un PDF específicamente creado puede causar un número ex... • http://www.securityfocus.com/bid/99497 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2017-2820 – Ubuntu Security Notice USN-3350-1
https://notcve.org/view.php?id=CVE-2017-2820
07 Jul 2017 — An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library. Se presenta una vulnerabilidad de desbordamiento de enteros explotable en la funcionalidad de análisis de imágen... • http://www.securityfocus.com/bid/99497 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-9865 – Ubuntu Security Notice USN-4042-1
https://notcve.org/view.php?id=CVE-2017-9865
25 Jun 2017 — The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc. La función GfxImageColorMap::getGray en el archivo GfxState.cc de Poppler 0.54.0 permite a una atacante remoto causar una denegación de servicio (buffer overflow basado en pila -stack- y caída de la aplicación mediante un documento PDF manipula... • http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2017-9776 – poppler: Integer overflow in JBIG2Stream.cc
https://notcve.org/view.php?id=CVE-2017-9776
22 Jun 2017 — Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. Un desbordamiento de enteros que conduce a un desbordamiento de búfer basado en memoria dinámica (heap) en JBIG2Stream.cc en pdftocairo en Poppler en versiones anteriores a la 0.56 permite que atacantes remotos provoquen una denegación de servicio (cierre inesperad... • http://www.securityfocus.com/bid/99240 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2017-9775 – poppler: Stack-buffer overflow in GfxState.cc
https://notcve.org/view.php?id=CVE-2017-9775
22 Jun 2017 — Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. Un desbordamiento de búfer basado en pila en JBIG2Stream.cc en pdftocairo en Poppler en versiones anteriores a la 0.56 permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) mediante un documento PDF modificado. A stack-based buffer overflow was found in the poppler library. An attacker ... • http://www.securityfocus.com/bid/99241 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7515 – Ubuntu Security Notice USN-3350-1
https://notcve.org/view.php?id=CVE-2017-7515
06 Jun 2017 — poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. poppler hasta versión 0.55.0, es vulnerable a una recursión no controlada en pdfunite resultando en una potencial denegación de servicio. Aleksandar Nikolic discovered that poppler incorrectly handled JPEG 2000 images. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with pri... • https://bugs.freedesktop.org/show_bug.cgi?id=101208 • CWE-674: Uncontrolled Recursion •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-9406 – Debian Security Advisory 4079-1
https://notcve.org/view.php?id=CVE-2017-9406
02 Jun 2017 — In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. En Poppler 0.54.0 se ha encontrado una vulnerabilidad de filtrado de memoria en la función gmalloc en gmem.cc que permite a los atacantes provocar una denegación de servicio (DoS) mediante un archivo manipulado. Aleksandar Nikolic discovered that poppler incorrectly handled JPEG 2000 images. If a user or automated system were tricked into openin... • https://bugs.freedesktop.org/show_bug.cgi?id=100775 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-9408 – Debian Security Advisory 4079-1
https://notcve.org/view.php?id=CVE-2017-9408
02 Jun 2017 — In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file. En Poppler 0.54.0 se ha encontrado una vulnerabilidad de filtrado de memoria en la función Object::initArray en Object.cc que permite a los atacantes provocar una denegación de servicio (DoS) mediante un archivo manipulado. Aleksandar Nikolic discovered that poppler incorrectly handled JPEG 2000 images. If a user or automated system ... • https://bugs.freedesktop.org/show_bug.cgi?id=100776 • CWE-772: Missing Release of Resource after Effective Lifetime •