CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-6239 – Poppler: pdfinfo: crash in broken documents when using -dests parameter
https://notcve.org/view.php?id=CVE-2024-6239
21 Jun 2024 — A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. Se encontró una falla en la utilidad Pdfinfo de Poppler. Este problema ocurre cuando se usa el parámetro -dests con la utilidad pdfinfo. • https://access.redhat.com/security/cve/CVE-2024-6239 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-38349 – Ubuntu Security Notice USN-6508-1
https://notcve.org/view.php?id=CVE-2022-38349
22 Aug 2023 — An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. Se ha descubierto un problema en Poppler 22.08.0. Hay una aserción alcanzable en Object.h, provocará una denegación de servicio porque PDFDoc::replacePageDict en PDFDoc.cc carece de una comprobación de flujo antes de guardar un archivo incrustado. It was discovered that poppler incorrectly hand... • https://gitlab.freedesktop.org/poppler/poppler/-/commit/4564a002bcb6094cc460bc0d5ddff9423fe6dd28 • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-37050
https://notcve.org/view.php?id=CVE-2022-37050
22 Aug 2023 — In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662. En Poppler 22.07.0, PDFDoc::savePageAs en PDFDoc.c permite a los atacantes provocar una denegación de servicio (la aplicación se bloquea con SIGABRT) mediante la creación de un archivo PDF en el que la... • https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-37051
https://notcve.org/view.php?id=CVE-2022-37051
22 Aug 2023 — An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file. Se ha descubierto un problema en Poppler 22.07.0. Hay un aborto alcanzable que conduce a la denegación de servicio debido a que la función principal en pdfunite.cc carece de una comprobación de flujo antes de guardar un archivo incrustado. • https://gitlab.freedesktop.org/poppler/poppler/-/commit/4631115647c1e4f0482ffe0491c2f38d2231337b • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37052 – Ubuntu Security Notice USN-6508-2
https://notcve.org/view.php?id=CVE-2022-37052
22 Aug 2023 — A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject. Una aserción alcanzable Object::getString en Poppler 22.07.0 permite a los atacantes causar una denegación de servicio debido a un fallo en markObject. USN-6508-1 fixed vulnerabilities in poppler. The update introduced one minor regression in Ubuntu 18.04 LTS. This update fixes the problem. • https://gitlab.freedesktop.org/poppler/poppler/-/commit/8677500399fc2548fa816b619580c2c07915a98c • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-23804 – Ubuntu Security Notice USN-6508-2
https://notcve.org/view.php?id=CVE-2020-23804
22 Aug 2023 — Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. La recursión incontrolada en pdfinfo y pdftops en poppler 0.89.0 permite a atacantes remotos provocar una denegación de servicio a través de una entrada manipulada. USN-6508-1 fixed vulnerabilities in poppler. The update introduced one minor regression in Ubuntu 18.04 LTS. This update fixes the problem. • https://gitlab.freedesktop.org/poppler/poppler/-/issues/936 • CWE-674: Uncontrolled Recursion •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18839
https://notcve.org/view.php?id=CVE-2020-18839
22 Aug 2023 — Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service. Vulnerabilidad de desbordamiento de búfer en HtmlOutputDev::page en poppler 0.75.0 que permite a los atacantes provocar una denegación de servicio. • https://gitlab.freedesktop.org/poppler/poppler/issues/742 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36023 – Ubuntu Security Notice USN-6299-1
https://notcve.org/view.php?id=CVE-2020-36023
11 Aug 2023 — An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service. • https://gitlab.freedesktop.org/poppler/poppler/-/issues/1013 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36024 – poppler: NULL pointer dereference in `FoFiType1C::convertToType1`
https://notcve.org/view.php?id=CVE-2020-36024
11 Aug 2023 — An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. A flaw was found in the Poppler package. This flaw allows attackers to possibly cause a denial of service via a crafted .pdf file to the FoFiType1C::convertToType1 function. An update for poppler is now available for Red Hat Enterprise Linux 8. Issues addressed include a null pointer vulnerability. • https://gitlab.freedesktop.org/poppler/poppler/-/issues/1016 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34872 – Ubuntu Security Notice USN-6273-1
https://notcve.org/view.php?id=CVE-2023-34872
31 Jul 2023 — A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. Jieyong Ma discovered that poppler incorrectly handled certain malformed PDF files. A remote attacker could possibly use this issue to cause poppler to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that poppler incorrectly handled certain malformed PDF files. • https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe •