Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
poppler vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2018-19149
Poppler prior to 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
Freedesktop Poppler
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
383
VMScore
CVE-2018-20551
A reachable Object::getString assertion in Poppler 0.72.0 allows malicious users to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.
Freedesktop Poppler 0.72.0
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
NA
CVE-2022-38784
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vu...
Freedesktop Poppler
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
383
VMScore
CVE-2018-19059
An issue exists in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.
Freedesktop Poppler 0.71.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 16.04
383
VMScore
CVE-2018-19060
An issue exists in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.
Freedesktop Poppler 0.71.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
607
VMScore
CVE-2021-30860
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a ...
Apple Mac Os X
Apple Mac Os X 10.15.7
Apple Ipados
Apple Watchos
Apple Macos
Apple Iphone Os
Xpdfreader Xpdf
Freedesktop Poppler
5 Github repositories
5 Articles
383
VMScore
CVE-2018-16646
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.
Freedesktop Poppler 0.68.0
Debian Debian Linux 8.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 18.04
1 Github repository
605
VMScore
CVE-2019-9200
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an malicious user to cause Denial of Service (Segmentation fault) or possibl...
Freedesktop Poppler 0.74.0
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
383
VMScore
CVE-2018-20481
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote malicious users to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.c...
Freedesktop Poppler 0.72.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 14.04
Debian Debian Linux 8.0
605
VMScore
CVE-2007-3387
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler prior to 0.5.91, (2) gpdf prior to 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote malicious users to execute arbitrary code via ...
Xpdfreader Xpdf 3.02
Apple Cups
Freedesktop Poppler
Gpdf Project Gpdf
Debian Debian Linux 3.1
Debian Debian Linux 4.0
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 6.10
Canonical Ubuntu Linux 6.06
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »