CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-6239 – Poppler: pdfinfo: crash in broken documents when using -dests parameter
https://notcve.org/view.php?id=CVE-2024-6239
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. Se encontró una falla en la utilidad Pdfinfo de Poppler. Este problema ocurre cuando se usa el parámetro -dests con la utilidad pdfinfo. • https://access.redhat.com/security/cve/CVE-2024-6239 https://bugzilla.redhat.com/show_bug.cgi?id=2293594 https://access.redhat.com/errata/RHSA-2024:5305 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36023
https://notcve.org/view.php?id=CVE-2020-36023
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. • https://gitlab.freedesktop.org/poppler/poppler/-/issues/1013 https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36024 – poppler: NULL pointer dereference in `FoFiType1C::convertToType1`
https://notcve.org/view.php?id=CVE-2020-36024
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. A flaw was found in the Poppler package. This flaw allows attackers to possibly cause a denial of service via a crafted .pdf file to the FoFiType1C::convertToType1 function. • https://gitlab.freedesktop.org/poppler/poppler/-/issues/1016 https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html https://access.redhat.com/security/cve/CVE-2020-36024 https://bugzilla.redhat.com/show_bug.cgi?id=2231520 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34872
https://notcve.org/view.php?id=CVE-2023-34872
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. • https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XXL3L6RJOTLGCN7GLH2OLLNF4FJ4T7I https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ3NYJ43U2MA7COKGMJDARZUAAOP45D4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFBT75QHBWNMSDAHSXZQ2I3PBJWID36K https://lists.fedorapro •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-38784 – poppler: integer overflow in JBIG2 decoder using malformed files
https://notcve.org/view.php?id=CVE-2022-38784
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. Poppler versiones anteriores a 22.08.0 incluyéndola, contiene un desbordamiento de enteros en el descodificador JBIG2 (la función JBIG2Stream::readTextRegionSeg() en el archivo JBIGStream.cc). El procesamiento de un archivo PDF o una imagen JBIG2 especialmente diseñados podría conllevar a un bloqueo o una ejecución de código arbitrario. • http://www.openwall.com/lists/oss-security/2022/09/02/11 https://github.com/jeffssh/CVE-2021-30860 https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1261/diffs?commit_id=27354e9d9696ee2bc063910a6c9a6b27c5184a52 https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGY72LBJMFAKQWC2XH4MRPIGPQLXTFL6 https://lists.fedoraproject&# • CWE-190: Integer Overflow or Wraparound •