
CVE-2017-7511 – Ubuntu Security Notice USN-3350-1
https://notcve.org/view.php?id=CVE-2017-7511
30 May 2017 — poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents. Aleksandar Nikolic discovered that poppler incorrectly handled JPEG 2000 images. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrar... • https://cgit.freedesktop.org/poppler/poppler/commit/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a • CWE-476: NULL Pointer Dereference •

CVE-2017-9083 – Ubuntu Security Notice USN-3350-1
https://notcve.org/view.php?id=CVE-2017-9083
19 May 2017 — poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file. • https://bugs.freedesktop.org/show_bug.cgi?id=101084 • CWE-476: NULL Pointer Dereference •

CVE-2015-8868 – poppler: heap buffer overflow in ExponentialFunction
https://notcve.org/view.php?id=CVE-2015-8868
02 May 2016 — Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183107.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVE-2010-5110
https://notcve.org/view.php?id=CVE-2010-5110
29 Aug 2014 — DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file. • http://cgit.freedesktop.org/poppler/poppler/commit/poppler/DCTStream.cc?id=fc071d800cb4329a3ccf898d7bf16b4db7323ad8 • CWE-20: Improper Input Validation •

CVE-2013-4472
https://notcve.org/view.php?id=CVE-2013-4472
22 Apr 2014 — The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. • http://osvdb.org/99064 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2013-7296 – Gentoo Linux Security Advisory 201401-21
https://notcve.org/view.php?id=CVE-2013-7296
22 Jan 2014 — The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file. • http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee39370283c494ee2e4e392fd3b684 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2013-4473 – Mandriva Linux Security Advisory 2013-272
https://notcve.org/view.php?id=CVE-2013-4473
21 Nov 2013 — Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename. P... • http://bugs.debian.org/723124 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2013-4474 – Poppler 0.14.3 - '/utils/pdfseparate.cc' Local Format String
https://notcve.org/view.php?id=CVE-2013-4474
21 Nov 2013 — Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename. Poppler is found ... • https://www.exploit-db.com/exploits/38817 • CWE-20: Improper Input Validation •

CVE-2010-4653 – Gentoo Linux Security Advisory 201310-03
https://notcve.org/view.php?id=CVE-2010-4653
07 Oct 2013 — An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts. Multiple vulnerabilities have been found in Poppler, some of which may allow execution of arbitrary code. Versions less than 0.22.2-r1 are affected. • http://security.gentoo.org/glsa/glsa-201310-03.xml • CWE-190: Integer Overflow or Wraparound •

CVE-2010-4654 – Gentoo Linux Security Advisory 201310-03
https://notcve.org/view.php?id=CVE-2010-4654
07 Oct 2013 — poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. Multiple vulnerabilities have been found in Poppler, some of which may allow execution of arbitrary code. Versions less than 0.22.2-r1 are affected. • http://security.gentoo.org/glsa/glsa-201310-03.xml • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •