CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32365
https://notcve.org/view.php?id=CVE-2025-32365
05 Apr 2025 — Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check. • https://gitlab.freedesktop.org/poppler/poppler/-/issues/1577 • CWE-125: Out-of-bounds Read •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32364 – Ubuntu Security Notice USN-7426-1
https://notcve.org/view.php?id=CVE-2025-32364
05 Apr 2025 — A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN. It was discovered that poppler incorrectly handled memory when opening certain PDF files. An attacker could possibly use this issue to cause poppler to crash, resulting in a denial of service. • https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-6239 – Poppler: pdfinfo: crash in broken documents when using -dests parameter
https://notcve.org/view.php?id=CVE-2024-6239
21 Jun 2024 — A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. Se encontró una falla en la utilidad Pdfinfo de Poppler. Este problema ocurre cuando se usa el parámetro -dests con la utilidad pdfinfo. • https://access.redhat.com/security/cve/CVE-2024-6239 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34872 – Ubuntu Security Notice USN-6273-1
https://notcve.org/view.php?id=CVE-2023-34872
31 Jul 2023 — A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. Jieyong Ma discovered that poppler incorrectly handled certain malformed PDF files. A remote attacker could possibly use this issue to cause poppler to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that poppler incorrectly handled certain malformed PDF files. • https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-38784 – poppler: integer overflow in JBIG2 decoder using malformed files
https://notcve.org/view.php?id=CVE-2022-38784
30 Aug 2022 — Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. Poppler versiones anteriores a 22.08.0 incluyéndola, contiene un desbordamiento de enteros en el descodificador JBIG2 (la función JBIG2Stream::readTextRegionSeg() en el archivo JBIGSt... • http://www.openwall.com/lists/oss-security/2022/09/02/11 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38171 – Gentoo Linux Security Advisory 202405-18
https://notcve.org/view.php?id=CVE-2022-38171
22 Aug 2022 — Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics). Xpdf versiones anteriores a 4.04, contiene un desbordamiento de enteros en el decodificador JBIG2 (la función JBIG2Stream::readSymbolDictSeg() en el archivo JBIG2Stream.cc). El proc... • http://www.openwall.com/lists/oss-security/2022/09/02/11 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 2CVE-2022-27337 – poppler: A logic error in the Hints::Hints function can cause denial of service
https://notcve.org/view.php?id=CVE-2022-27337
05 May 2022 — A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. Un error lógico en la función Hints::Hints de Poppler versión v22.03.0, permite a atacantes causar una denegación de servicio (DoS) por medio de un archivo PDF diseñado A logic error was found in Popplers' Hints::Hints function in the Hints.cc file. This flaw allows an attacker to trick a user into opening a crafted PDf file into the pdftops utility, which causes the pro... • https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230 • CWE-1173: Improper Use of Validation Framework •
CVSS: 7.8EPSS: 64%CPEs: 15EXPL: 2CVE-2021-30860 – Apple Multiple Products Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-30860
24 Aug 2021 — An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se ha solucionado un desbordamiento de enteros con una validación de entrada mejorada. • https://github.com/jeffssh/CVE-2021-30860 • CWE-190: Integer Overflow or Wraparound •