Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
evince vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2010-26432
Jon Larimer from IBM X-Force Advanced Research discovered multiple vulnerabilities in the DVI backend of the Evince document viewer: CVE-2010-2640 Insufficient array bounds checks in the PK fonts parser could lead to function pointer overwrite, causing arbitrary code execution. C...
5.5
CVSSv3
CVE-2019-11459
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince up to and including 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
Gnome Evince
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Aus 8.6
Redhat Enterprise Linux Server Tus 8.6
Redhat Enterprise Linux Eus 8.6
Opensuse Leap 15.0
8.8
CVSSv3
CVE-2018-21009
Poppler prior to 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.
Freedesktop Poppler
6.5
CVSSv3
CVE-2019-10871
An issue exists in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.
Freedesktop Poppler 0.74.0
6.5
CVSSv3
CVE-2019-9959
The JPXStream::init function in Poppler 0.78.0 and previous versions doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonst...
Freedesktop Poppler
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Aus 8.6
Redhat Enterprise Linux Server Tus 8.6
Redhat Enterprise Linux Eus 8.6
7.5
CVSSv3
CVE-2019-14494
An issue exists in Poppler up to and including 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.
Freedesktop Poppler
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
8.8
CVSSv3
CVE-2019-12293
In Poppler up to and including 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.
Freedesktop Poppler
6.5
CVSSv3
CVE-2017-9083
poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.
Freedesktop Poppler 0.54.0
NA
CVE-2012-6535
DjVuLibre prior to 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file.
Djvulibre Project Djvulibre 3.5.21
Djvulibre Project Djvulibre 3.5.20
Djvulibre Project Djvulibre 3.5.13
Djvulibre Project Djvulibre 3.5.12
Djvulibre Project Djvulibre 3.5.4
Djvulibre Project Djvulibre 3.5.3
Djvulibre Project Djvulibre
Djvulibre Project Djvulibre 3.5.24
Djvulibre Project Djvulibre 3.5.17
Djvulibre Project Djvulibre 3.5.16
Djvulibre Project Djvulibre 3.5.9
Djvulibre Project Djvulibre 3.5.8
Djvulibre Project Djvulibre 3.5.23
Djvulibre Project Djvulibre 3.5.22
Djvulibre Project Djvulibre 3.5.15
Djvulibre Project Djvulibre 3.5.14
Djvulibre Project Djvulibre 3.5.7
Djvulibre Project Djvulibre 3.5.6
Djvulibre Project Djvulibre 3.5.5
Djvulibre Project Djvulibre 3.5.19
Djvulibre Project Djvulibre 3.5.18
Djvulibre Project Djvulibre 3.5.11
NA
CVE-2008-1693
The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly prior to 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote malicious users to execute arbitrary code via a cr...
Poppler Poppler 0.1
Poppler Poppler 0.1.1
Poppler Poppler 0.4.0
Poppler Poppler 0.4.1
Poppler Poppler 0.5.3
Poppler Poppler 0.5.4
Poppler Poppler 0.7.0
Poppler Poppler 0.7.1
Poppler Poppler 0.1.2
Poppler Poppler 0.2.0
Poppler Poppler 0.4.2
Poppler Poppler 0.4.3
Poppler Poppler 0.5.9
Poppler Poppler 0.5.91
Poppler Poppler 0.7.2
Poppler Poppler
Poppler Poppler 0.3.0
Poppler Poppler 0.3.1
Poppler Poppler 0.4.4
Poppler Poppler 0.5.0
Poppler Poppler 0.6.0
Poppler Poppler 0.6.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »