CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2010-5110
https://notcve.org/view.php?id=CVE-2010-5110
29 Aug 2014 — DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file. DCTStream.cc en Poppler anterior a 0.13.3 permite a atacantes remotos causar una denegación de servicio (caída) a través de un fichero PDF manipulado. • http://cgit.freedesktop.org/poppler/poppler/commit/poppler/DCTStream.cc?id=fc071d800cb4329a3ccf898d7bf16b4db7323ad8 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4472
https://notcve.org/view.php?id=CVE-2013-4472
22 Apr 2014 — The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. La función openTempFile en goo/gfile.cc en Xpdf y Poppler 0.24.3 y anteriores, cuando funciona en un sistema diferente a Unix, permite a usuarios locales sobrescribir archivos arbitrarios a través de un ataque symlink sobre archivos temporales con nombres previsibles. • http://osvdb.org/99064 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 2%CPEs: 84EXPL: 0CVE-2013-7296 – Gentoo Linux Security Advisory 201401-21
https://notcve.org/view.php?id=CVE-2013-7296
22 Jan 2014 — The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file. El método JBIG2Stream :: readSegments en JBIG2Stream.cc en Poppler antes de 0.24.5 no utiliza el especificador correcto dentro de una cadena de formato, que permite a atacantes dependientes de contexto provocar una denegación de servici... • http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee39370283c494ee2e4e392fd3b684 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 5%CPEs: 123EXPL: 3CVE-2013-4473 – Mandriva Linux Security Advisory 2013-272
https://notcve.org/view.php?id=CVE-2013-4473
21 Nov 2013 — Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename. Desbordamiento de búfer basado en pila en la función extractPages de utils/pdfseparate.cc en Poppler anterior a la versión 0.24.2 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un nombre de archivo fuente. P... • http://bugs.debian.org/723124 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 17%CPEs: 123EXPL: 1CVE-2013-4474 – Poppler 0.14.3 - '/utils/pdfseparate.cc' Local Format String
https://notcve.org/view.php?id=CVE-2013-4474
21 Nov 2013 — Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename. Vulnerabilidad de formato de cadena en la función extractPages en utils/pdfseparate.cc de Poppler anterior a la versión 024.2 permite a atacantes remotos provocar una denegación de servicio (caída) a través de especificadores de cadena en un nombre de archivo de destino. Poppler is found ... • https://www.exploit-db.com/exploits/38817 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2010-4654 – Gentoo Linux Security Advisory 201310-03
https://notcve.org/view.php?id=CVE-2010-4654
07 Oct 2013 — poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. poppler versiones anteriores a la versión 0.16.3, tiene comandos malformados que pueden corromper la pila interna. Multiple vulnerabilities have been found in Poppler, some of which may allow execution of arbitrary code. Versions less than 0.22.2-r1 are affected. • http://security.gentoo.org/glsa/glsa-201310-03.xml • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.5EPSS: 1%CPEs: 4EXPL: 0CVE-2010-4653 – Gentoo Linux Security Advisory 201310-03
https://notcve.org/view.php?id=CVE-2010-4653
07 Oct 2013 — An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts. Puede ocurrir una condición de desbordamiento de enteros en poppler versiones anteriores a la versión 0.16.3, cuando analiza CharCodes para las fuentes. Multiple vulnerabilities have been found in Poppler, some of which may allow execution of arbitrary code. Versions less than 0.22.2-r1 are affected. • http://security.gentoo.org/glsa/glsa-201310-03.xml • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2012-2142 – Slackware Security Advisory - xpdf Updates
https://notcve.org/view.php?id=CVE-2012-2142
23 Aug 2013 — The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. La función error en el archivo Error.cc en poppler versiones anteriores a 0.21.4, permite a atacantes remotos ejecutar comandos arbitrarios por medio de un PDF que contiene una secuencia de escape para un emulador terminal. New xpdf packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security... • http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40 •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 5CVE-2013-1788 – Gentoo Linux Security Advisory 201310-03
https://notcve.org/view.php?id=CVE-2013-1788
09 Apr 2013 — poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc. poppler anterior a v0.22.1 permite a atacantes dependientes de contexto provocar una denegación de servicio (caída) y, posiblemente, ejecutar código de su elección a través de vectores que disparan un "acceso de memoria invalida" en (1) splash/Splash.cc... • http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=0388837f01bc467045164f9ddaff787000a8caaa • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2013-1790 – Gentoo Linux Security Advisory 201310-03
https://notcve.org/view.php?id=CVE-2013-1790
09 Apr 2013 — poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function. poppler/Stream.cc en poppler anterior a 0.22.1 permite a atacantes dependientes de contexto tener un impacto no especificado a través de vectores que provocan una lectura de memoria no inicializada por la función CCITTFaxStream::lookChar Multiple vulnerabilities have been found in Poppler, some of which m... • http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=b1026b5978c385328f2a15a2185c599a563edf91 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •