Freedesktop: >> Poppler >> 0.1 Security Vulnerabilities
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.
CVSS Score
7.5
EPSS Score
0.004
Published
2024-06-21
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
CVSS Score
5.5
EPSS Score
0.002
Published
2023-07-31
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-08-30
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
CVSS Score
7.8
EPSS Score
0.001
Published
2022-08-22
CVE-2021-30860
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Known exploited
CVSS Score
7.8
EPSS Score
0.694
Published
2021-08-24
A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-12-03
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
CVSS Score
7.8
EPSS Score
0.002
Published
2020-01-09
An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.
CVSS Score
6.5
EPSS Score
0.008
Published
2019-11-13
poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.
CVSS Score
7.8
EPSS Score
0.005
Published
2019-11-13
Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.
CVSS Score
8.8
EPSS Score
0.004
Published
2019-09-05
Page 1