CVSS: 6.5EPSS: 0%CPEs: 24EXPL: 0CVE-2018-20662 – poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc
https://notcve.org/view.php?id=CVE-2018-20662
03 Jan 2019 — In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. En la versión 0.72.0 de Poppler, PDFDoc::setup en PDFDoc.cc permite a los atacantes remotos provocar una denegación de servicio (cierre inesperado de la aplicación provocado por un SIGABRT en Object.h debido a un va... • https://access.redhat.com/errata/RHSA-2019:2022 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0CVE-2018-20650 – poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc
https://notcve.org/view.php?id=CVE-2018-20650
01 Jan 2019 — A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. Una aserción alcanzable en Object::dictLookup en Poppler 0.72.0 permite a los atacantes provocar una denegación de servicio (DoS) debido a la falta de comprobación del tipo de datos del directorio, tal y como queda demostrado con el uso de la clase FileSpec (en FileSpec.cc) en pd... • http://www.securityfocus.com/bid/106459 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-20551 – poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c
https://notcve.org/view.php?id=CVE-2018-20551
28 Dec 2018 — A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. Una aserción alcanzable en Object::getString en Poppler 0.72.0 permite que los atacantes provoquen una denegación de servicio (DoS) debido a la construcción de activos de anotaciones de multimedia interactiva en la clase AnnotRichMedia en Annot.c. Poppler is a Portable Document Format rendering library, use... • https://access.redhat.com/errata/RHSA-2019:2713 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-20481 – poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc
https://notcve.org/view.php?id=CVE-2018-20481
26 Dec 2018 — XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. XRef::getEntry en XRef.cc en Poppler 0.72.0 gestiona de manera incorrecta las entradas XRef no asignadas, lo que permite que los atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL) mediante un documen... • http://www.securityfocus.com/bid/106321 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-19149 – poppler: NULL pointer dereference in _poppler_attachment_new
https://notcve.org/view.php?id=CVE-2018-19149
10 Nov 2018 — Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. Poppler en versiones anteriores a 0.70.0 tiene una desreferencia de puntero NULL en _poppler_attachment_new cuando se llama desde poppler_annot_fichero_attachment_attachment_get_attachment. It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. It was discovered that poppler incorr... • http://www.securityfocus.com/bid/106031 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1CVE-2018-19058 – poppler: reachable abort in Object.h
https://notcve.org/view.php?id=CVE-2018-19058
07 Nov 2018 — An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file. Se ha descubierto un problema en Poppler 0.71.0. Hay un aborto alcanzable en Object.h, que conducirá a una denegación de servicio (DoS) debido a que EmbFile::save2 en FileSpec.cc carece de una comprobación de flujo antes de guardar un archivo embebido. Poppler is a Portable Document Format rendering librar... • https://access.redhat.com/errata/RHSA-2019:2022 • CWE-400: Uncontrolled Resource Consumption CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-19059 – poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc
https://notcve.org/view.php?id=CVE-2018-19059
07 Nov 2018 — An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts. Se ha descubierto un problema en Poppler 0.71.0. Hay una lectura fuera de límites en EmbFile::save2 en FileSpec.cc, que conducirá a una denegación de servicio (DoS), tal y como queda demostrado con utils/pdfdetach.cc al no validar archivos embebidos antes de guardar los intentos. Po... • https://access.redhat.com/errata/RHSA-2019:2022 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-19060 – poppler: pdfdetach utility does not validate save paths
https://notcve.org/view.php?id=CVE-2018-19060
07 Nov 2018 — An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path. Se ha descubierto un problema en Poppler 0.71.0. Hay una desreferencia de puntero NULL en goo/GooString.h, que conducirá a una denegación de servicio (DoS), tal y como queda demostrado con utils/pdfdetach.cc al no validar el nombre de archivos embebidos antes de c... • https://access.redhat.com/errata/RHSA-2019:2022 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 1CVE-2018-18897 – poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc
https://notcve.org/view.php?id=CVE-2018-18897
02 Nov 2018 — An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. Se ha descubierto un problema en Poppler 0.71.0. Hay una fuga de memoria en GfxColorSpace::setDisplayProfile in GfxState.cc, tal y como queda demostrado con pdftocairo. Poppler is a Portable Document Format rendering library, used by applications such as Evince or Okular. • https://access.redhat.com/errata/RHSA-2019:2022 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-16646 – poppler: infinite recursion in Parser::getObj function in Parser.cc
https://notcve.org/view.php?id=CVE-2018-16646
06 Sep 2018 — In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. En Poppler 0.68.0, la función Parser::getObj() en Parser.cc podría provocar una recursión infinita mediante un archivo manipulado. Un atacante remoto puede aprovecharse de esto para provocar un ataque de denegación de servicio (DoS). It was discovered that poppler incorrectly handled certain PDF files. • https://access.redhat.com/errata/RHSA-2019:2022 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •