Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
poppler vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2007-5393
Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote malicious users to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
Xpdf Xpdf 3.02p11
7.6
CVSSv2
CVE-2007-4352
Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote malicious users to trigger memory corruption and execute arbitrary code via a crafted PDF file.
Xpdf Xpdf 3.0.1 Pl1
7.6
CVSSv2
CVE-2006-1244
Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPa...
Libextractor Libextractor 0.3.8
Libextractor Libextractor 0.3.9
Xpdf Xpdf 0.92
Xpdf Xpdf 0.93
Xpdf Xpdf 1.0
Xpdf Xpdf 3.0
Xpdf Xpdf 3.0.1
Libextractor Libextractor 0.3.6
Libextractor Libextractor 0.3.7
Xpdf Xpdf 0.90
Xpdf Xpdf 0.91
Xpdf Xpdf 2.2
Xpdf Xpdf 2.3
Libextractor Libextractor 0.4
Libextractor Libextractor 0.4.1
Xpdf Xpdf 1.0a
Xpdf Xpdf 1.1
Xpdf Xpdf 3.0.1 Pl1
Xpdf Xpdf 3.0 Pl2
Gnome Gpdf 2.8.2
Libextractor Libextractor 0.3.11
Libextractor Libextractor 0.4.2
7.5
CVSSv2
CVE-2019-9631
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
Freedesktop Poppler 0.74.0
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Debian Debian Linux 8.0
7.5
CVSSv2
CVE-2013-4473
Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler prior to 0.24.2 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.
Freedesktop Poppler 0.22.4
Freedesktop Poppler 0.22.3
Freedesktop Poppler 0.1
Freedesktop Poppler 0.1.1
Freedesktop Poppler 0.11.3
Freedesktop Poppler 0.12.0
Freedesktop Poppler 0.12.1
Freedesktop Poppler 0.12.2
Freedesktop Poppler 0.12.3
Freedesktop Poppler 0.15.0
Freedesktop Poppler 0.15.1
Freedesktop Poppler 0.15.2
Freedesktop Poppler 0.15.3
Freedesktop Poppler 0.18.0
Freedesktop Poppler 0.18.1
Freedesktop Poppler 0.18.2
Freedesktop Poppler 0.18.3
Freedesktop Poppler 0.21.0
Freedesktop Poppler 0.21.1
Freedesktop Poppler 0.21.2
Freedesktop Poppler 0.21.3
Freedesktop Poppler 0.4.4
7.5
CVSSv2
CVE-2010-3702
The Gfx::getPos function in the PDF parser in xpdf prior to 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent malicious users to cause a denial of service (crash) via unknown vectors that trigg...
Apple Cups
Freedesktop Poppler
Xpdfreader Xpdf
Xpdfreader Xpdf 3.02
Fedoraproject Fedora 12
Fedoraproject Fedora 13
Fedoraproject Fedora 14
Opensuse Opensuse 11.1
Opensuse Opensuse 11.2
Opensuse Opensuse 11.3
Suse Linux Enterprise Server 9
Suse Linux Enterprise Server 10
Suse Linux Enterprise Server 11
Debian Debian Linux 5.0
Debian Debian Linux 6.0
Redhat Enterprise Linux Desktop 5.0
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Workstation 5.0
Canonical Ubuntu Linux 6.06
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 9.04
Canonical Ubuntu Linux 9.10
7.5
CVSSv2
CVE-2009-3904
classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote malicious users to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2...
Cubecart Cubecart 4.3.4
1 EDB exploit
7.5
CVSSv2
CVE-2009-1182
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and previous versions, CUPS 1.3.9 and previous versions, Poppler prior to 0.10.6, and other products allow remote malicious users to execute arbitrary code via a crafted PDF file.
Glyphandcog Xpdfreader
Glyphandcog Xpdfreader 1.01
Foolabs Xpdf 1.00a
Foolabs Xpdf 0.92d
Foolabs Xpdf 0.92c
Glyphandcog Xpdfreader 0.90
Glyphandcog Xpdfreader 0.80
Glyphandcog Xpdfreader 0.3
Glyphandcog Xpdfreader 0.2
Glyphandcog Xpdfreader 2.03
Glyphandcog Xpdfreader 2.02
Foolabs Xpdf 0.93b
Foolabs Xpdf 0.93a
Glyphandcog Xpdfreader 0.92
Foolabs Xpdf 0.91c
Foolabs Xpdf 0.91b
Glyphandcog Xpdfreader 0.6
Foolabs Xpdf 0.5a
Glyphandcog Xpdfreader 3.00
Glyphandcog Xpdfreader 3.01
Glyphandcog Xpdfreader 1.00
Foolabs Xpdf 0.93c
7.5
CVSSv2
CVE-2008-2950
The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and previous versions deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote malicious users to execute arbitrary code via a crafted PDF document.
Poppler Poppler
1 EDB exploit
7.5
CVSSv2
CVE-2006-0301
Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows malicious users to cause a denial of service and possibly execute arbitrary code via crafted splash images that prod...
Xpdf Xpdf
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »