Freedesktop: >> Poppler >> 0.24.3 Security Vulnerabilities
Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
CVSS Score
6.5
EPSS Score
0.008
Published
2017-06-22
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
CVSS Score
7.8
EPSS Score
0.012
Published
2017-06-22
poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.
CVSS Score
5.5
EPSS Score
0.005
Published
2017-06-06
poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-05-30
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
CVSS Score
3.3
EPSS Score
0.001
Published
2014-04-22
The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file.
CVSS Score
5.0
EPSS Score
0.025
Published
2014-01-26
Page 3