Shodan
Vulnerabilities
Vulnerable Software
Freedesktop:  >> Poppler  >> 0.15.1  Security Vulnerabilities
CVE-2021-30860
Known exploited
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVSS Score
7.8
EPSS Score
0.729
Published
2021-08-24
CVE-2020-27778
A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-12-03
CVE-2012-2142
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
CVSS Score
7.8
EPSS Score
0.013
Published
2020-01-09
CVE-2010-4653
An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.
CVSS Score
6.5
EPSS Score
0.008
Published
2019-11-13
CVE-2010-4654
poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.
CVSS Score
7.8
EPSS Score
0.005
Published
2019-11-13
CVE-2018-21009
Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.
CVSS Score
8.8
EPSS Score
0.004
Published
2019-09-05
CVE-2019-14494
An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.
CVSS Score
7.5
EPSS Score
0.02
Published
2019-08-01
CVE-2019-9959
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.
CVSS Score
6.5
EPSS Score
0.015
Published
2019-07-22
CVE-2019-12293
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.
CVSS Score
8.8
EPSS Score
0.007
Published
2019-05-23
CVE-2018-19149
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-11-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved