Vulnerabilites related to freedesktop - Poppler
Vulnerability from fkie_nvd
Published
2017-09-30 01:29
Modified
2025-04-20 01:37
Severity ?
Summary
In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.freedesktop.org/show_bug.cgi?id=102604 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.freedesktop.org/show_bug.cgi?id=102604 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.59.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.59.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84B23F71-9304-4434-92CE-489B893E833C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document."
},
{
"lang": "es",
"value": "En Poppler 0.59.0, existe una desreferencia de puntero NULL en la funci\u00f3n SplashOutputDev::type3D0() en SplashOutputDev.cc mediante un documento PDF manipulado."
}
],
"id": "CVE-2017-14927",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-30T01:29:02.240",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102604"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-30 01:29
Modified
2025-04-20 01:37
Severity ?
Summary
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.freedesktop.org/show_bug.cgi?id=102601 | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.freedesktop.org/show_bug.cgi?id=102601 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.59.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.59.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84B23F71-9304-4434-92CE-489B893E833C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document."
},
{
"lang": "es",
"value": "En Poppler 0.59.0, existe una desreferencia de puntero NULL en AnnotRichMedia::Content::Content en Annot.cc mediante un documento PDF manipulado."
}
],
"id": "CVE-2017-14926",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-30T01:29:02.147",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102601"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-20 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.freedesktop.org/show_bug.cgi?id=102854 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.freedesktop.org/show_bug.cgi?id=102854 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.59.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.59.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84B23F71-9304-4434-92CE-489B893E833C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files."
},
{
"lang": "es",
"value": "En Poppler 0.59.0, una excepci\u00f3n de punto flotante ocurre en la clase ImageStream en Stream.cc, lo que podr\u00eda desembocar en un ataque al administrar archivos PDF maliciosos."
}
],
"id": "CVE-2017-14617",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-20T21:29:00.240",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102854"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-28 16:29
Modified
2024-11-21 04:01
Severity ?
Summary
A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2713 | ||
| cve@mitre.org | https://gitlab.freedesktop.org/poppler/poppler/issues/703 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://gitlab.freedesktop.org/poppler/poppler/merge_requests/146 | Patch, Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3886-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2713 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.freedesktop.org/poppler/poppler/issues/703 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.freedesktop.org/poppler/poppler/merge_requests/146 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3886-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.72.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.72.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F021BE1-4D2A-4D00-9491-714CD38A7B2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c."
},
{
"lang": "es",
"value": "Una aserci\u00f3n alcanzable en Object::getString en Poppler 0.72.0 permite que los atacantes provoquen una denegaci\u00f3n de servicio (DoS) debido a la construcci\u00f3n de activos de anotaciones de multimedia interactiva en la clase AnnotRichMedia en Annot.c."
}
],
"id": "CVE-2018-20551",
"lastModified": "2024-11-21T04:01:42.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-28T16:29:05.067",
"references": [
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/703"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/146"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3886-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3886-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-17 23:29
Modified
2025-04-20 01:37
Severity ?
Summary
In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.59.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.59.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84B23F71-9304-4434-92CE-489B893E833C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop)."
},
{
"lang": "es",
"value": "En Poppler 0.59.0, existe una corrupci\u00f3n de memoria en una llamada a Object::streamGetChar en Object.h despu\u00e9s de repetir series de llamadas Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText y Gfx::doShowText (tambi\u00e9n conocida como bucle infinito en Gfx.cc)."
}
],
"id": "CVE-2017-14519",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-17T23:29:00.340",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102701"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102701"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2018/dsa-4079"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-17 23:29
Modified
2025-04-20 01:37
Severity ?
Summary
In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.59.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.59.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84B23F71-9304-4434-92CE-489B893E833C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files."
},
{
"lang": "es",
"value": "En Poppler 0.59.0, ocurre una excepci\u00f3n de punto flotante en Splash::scaleImageYuXd() en Splash.cc, lo que puede permitir que se produzca un ataque cuando se manejan archivos PDF maliciosos."
}
],
"id": "CVE-2017-14520",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-17T23:29:00.387",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102719"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2018/dsa-4079"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-22 19:16
Modified
2024-11-21 07:14
Severity ?
Summary
An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 22.07.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:22.07.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C423A5DA-DDB6-41EB-8E6B-4DFD4D03FE42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Poppler 22.07.0. Hay un aborto alcanzable que conduce a la denegaci\u00f3n de servicio debido a que la funci\u00f3n principal en pdfunite.cc carece de una comprobaci\u00f3n de flujo antes de guardar un archivo incrustado."
}
],
"id": "CVE-2022-37051",
"lastModified": "2024-11-21T07:14:21.403",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-22T19:16:23.733",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/4631115647c1e4f0482ffe0491c2f38d2231337b"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1276"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/4631115647c1e4f0482ffe0491c2f38d2231337b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-30 03:15
Modified
2024-11-21 07:17
Severity ?
Summary
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "723357B9-ACFF-43F2-92B4-69FC8CE8E3D8",
"versionEndIncluding": "22.08.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf."
},
{
"lang": "es",
"value": "Poppler versiones anteriores a 22.08.0 incluy\u00e9ndola, contiene un desbordamiento de enteros en el descodificador JBIG2 (la funci\u00f3n JBIG2Stream::readTextRegionSeg() en el archivo JBIGStream.cc). El procesamiento de un archivo PDF o una imagen JBIG2 especialmente dise\u00f1ados podr\u00eda conllevar a un bloqueo o una ejecuci\u00f3n de c\u00f3digo arbitrario. Esto es similar a la vulnerabilidad descrita por CVE-2022-38171 en Xpdf"
}
],
"id": "CVE-2022-38784",
"lastModified": "2024-11-21T07:17:04.843",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-30T03:15:07.307",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/jeffssh/CVE-2021-30860"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1261/diffs?commit_id=27354e9d9696ee2bc063910a6c9a6b27c5184a52"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGY72LBJMFAKQWC2XH4MRPIGPQLXTFL6/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E5Z2677EQUWVHJLGSH5DQX53EK6MY2M2/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J546EJUKUOPWA3JSLP7DYNBAU3YGNCCW/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLKN3HJKZSGEEKOF57DM7Q3IB74HP5VW/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQAO6O2XHPQHNW2MWOCJJ4C3YWS2VV4K/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://poppler.freedesktop.org/releases.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202209-21"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38171"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/jeffssh/CVE-2021-30860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1261/diffs?commit_id=27354e9d9696ee2bc063910a6c9a6b27c5184a52"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGY72LBJMFAKQWC2XH4MRPIGPQLXTFL6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E5Z2677EQUWVHJLGSH5DQX53EK6MY2M2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J546EJUKUOPWA3JSLP7DYNBAU3YGNCCW/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLKN3HJKZSGEEKOF57DM7Q3IB74HP5VW/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQAO6O2XHPQHNW2MWOCJJ4C3YWS2VV4K/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://poppler.freedesktop.org/releases.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202209-21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5224"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-22 19:15
Modified
2024-11-21 05:08
Severity ?
Summary
Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.freedesktop.org/poppler/poppler/issues/742 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.freedesktop.org/poppler/poppler/issues/742 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.75.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.75.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C936F57A-BD6D-4E20-8ED1-3315626E8FE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en HtmlOutputDev::page en poppler 0.75.0 que permite a los atacantes provocar una denegaci\u00f3n de servicio. "
}
],
"id": "CVE-2020-18839",
"lastModified": "2024-11-21T05:08:49.770",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-22T19:15:56.570",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/742"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-22 19:16
Modified
2025-07-02 15:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 22.07.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:22.07.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C423A5DA-DDB6-41EB-8E6B-4DFD4D03FE42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662."
},
{
"lang": "es",
"value": "En Poppler 22.07.0, PDFDoc::savePageAs en PDFDoc.c permite a los atacantes provocar una denegaci\u00f3n de servicio (la aplicaci\u00f3n se bloquea con SIGABRT) mediante la creaci\u00f3n de un archivo PDF en el que la estructura de datos xref se maneja incorrectamente en el procesamiento getCatalog. Tenga en cuenta que esta vulnerabilidad est\u00e1 causada por el parche incompleto de CVE-2018-20662."
}
],
"id": "CVE-2022-37050",
"lastModified": "2025-07-02T15:15:23.600",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-08-22T19:16:23.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-23 05:29
Modified
2024-11-21 04:22
Severity ?
Summary
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60F8F41D-2F8A-4BAE-B8DC-C3563FA5D227",
"versionEndIncluding": "0.76.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths."
},
{
"lang": "es",
"value": "En Poppler hasta la versi\u00f3n 0.76.1, existe una lectura en exceso del b\u00fafer por saturaci\u00f3n en JPXStream :: init en JPEG2000Stream.cc por medio de datos con alturas o anchos inconsistentes."
}
],
"id": "CVE-2019-12293",
"lastModified": "2024-11-21T04:22:34.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-23T05:29:00.183",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/108457"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/768"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/108457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4042-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-23 11:55
Modified
2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1FAB528-98AD-47D3-99FB-3B1CA071704B",
"versionEndIncluding": "0.24.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28BB4DC8-BCD6-44EB-BD73-C650AF47FE19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB2E8A2B-D2FC-4840-BC26-DB2A0E4DA4E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "81AD541A-77B3-44D3-9442-BAD8888331B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA68DBB-D9AE-4326-AAF4-0D8EF2594107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "037C2903-D964-46E6-9C56-D547E6C40F0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17379F92-64FE-4956-B241-6843726C87D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84EE2328-63E4-4BF3-BBB4-C0C40E54AF43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "03580443-C13D-4ABD-82A9-452EA02D7B45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DB12DC-622F-4F28-A91D-5EC07CEB477D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEF0F47-3F69-4DB0-A7B8-C986A430834F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9664566B-28F7-45DC-B59B-845DF2AA635E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3790BFE0-971B-46DE-B060-1D0F408F54BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C48D7A7C-0B5E-41B0-B873-0AEAD4D79034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8CC2DA-01A9-426C-8A43-39F35DEB4D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8644AD8-7867-483A-B9A2-7663F53B4640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8850C474-5EA2-4BC5-B9D1-099F8BE161EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A1B9CB74-99FB-4ED2-A173-AE325CCA0890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4A8973-84AF-434B-B0F5-958CEAFCEFE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6706D8-CB52-4CDA-938E-B44AAA687D94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.5.90:*:*:*:*:*:*:*",
"matchCriteriaId": "408E7D83-8D04-4584-AFA6-42196A6D99B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.5.91:*:*:*:*:*:*:*",
"matchCriteriaId": "6059804F-09AF-4D66-B297-85A21E8725D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B627E11-43A6-41BE-9BD6-AD5C99B35D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3ADA618A-D673-44BF-ABFA-8EB95EEF0102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "335FA773-87BC-440E-99BC-46805D9ADA7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1DA1DA-94FB-41A7-BCB5-1118E5983A0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8BD46429-7295-43ED-8541-7AD3CAAB2B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A5ECCE4-7586-4EEB-9085-7D8DB49E28EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8240022B-EF85-4C18-9B47-CA7DDC125CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3098380E-14D2-4DD4-A6A5-70F5D3A256EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8B978283-552D-4573-B318-E6FDFBFAE09C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6544F688-064C-4004-A3B1-DBFEF6D3B601",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50E91CA0-674F-4ECD-B58B-1CCD85A8B497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B1618F-71A0-4796-892A-7E1B61BB5729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7AD8C3-6F02-4D32-9B7C-41F865030BDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEFD9C7-768F-4751-9242-1206A63D8E2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC42677-F36E-4E6B-88CB-2B34E690D0ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D05260-CE4B-4EDF-879A-E4CB0C174A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CA54F7CA-4B73-40AF-BF78-B76CA901AD44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "47FC185E-9D39-491F-A1FD-F48ACC07E966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B2CA2BF-AF2A-40AC-AAAA-5D9FA77DEB0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE791B58-693B-447C-A949-4915D08707A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "66BE0E8A-4816-4530-911D-73F4E4EC7621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "271E2F6D-5DAC-4B48-A6DC-C1BD5424D7BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2578912-1929-4CCC-B718-60279F5DD9DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8739E30F-7987-4749-926A-45B53220D95B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "907F732E-2AC2-4C66-B240-03C5B1A8BE89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "36176CB9-CB8A-4B54-855D-76D0C9FFA4A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E6F617-47EA-40A7-8140-D220F73895C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3BFF932F-B15C-426C-8368-918BD5397326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E2EF83-C5EF-4A07-9690-D1659AB88AED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "906DB5B3-3AD3-4763-9B97-0875485701AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF81A03-C47B-4250-BF4C-C637662876EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE65D66E-F51E-4B14-901D-8EA47C128CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF00D9C1-07DE-43DF-8185-A06406F61ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6B36DB5-6D7D-475D-BD6B-AF1401C41EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "443737A0-75DE-436D-81C0-FC94CB23F2FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F7D0BBE-D4B4-4CF2-91F1-50864DC92F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "03727E0E-E5E9-40EF-B3B6-05B600F04282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DC337D-EBB4-403D-B32D-7B195725CD05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0AEF3348-5BB0-45CB-B59B-4A90EEAAF2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "949E12C4-97BA-4D56-B18E-4AC032834D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40A9D590-FF77-4181-B46C-668249A9B255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B0CC3B1-C3F6-4211-9B68-5ACD0834F8CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F4179FF-0856-4F0E-8487-3B9B94D89DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D991BB6-38E6-4E0B-8C15-6EC5F3058DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "379D1862-1EF5-462B-9727-D3F4E14FEB3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A60E0080-2617-40C1-8796-DDE2846546BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC44976-236F-4796-B7B7-FFF107B44F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "47D1FC9F-4DFD-4923-9C70-0EA3A7F95F8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AB53D75E-917C-4D01-960B-4E6503C19E83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2CD559C-B0FD-4ED1-AB8B-93EFB1B536FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E970BB-37CA-441C-8D2E-CAEBA1E4671A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ADA83F24-7708-4751-BE4F-A33EFF77D1BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3896B9F2-83A0-40AB-A3BC-20BE0415B5F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E6C7D9F-BC8C-4C31-AC76-978E7E461571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78CCF102-5C54-49AC-9CE5-A2E1CD062C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF9EBACF-EE24-4991-B7D0-DCA028A699DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE9AD76-9D5A-4EED-816F-84D12D2617BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "043A5C6F-8E1D-4B4F-9F47-8C9A331AA13A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.5:*:*:*:*:*:*:*",
"matchCriteriaId": "039CF6A6-6273-4BA7-B517-075AAA8F206D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "79708E36-EBBE-43E8-918C-A006DAE59D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7DF74129-BF02-4CB2-8813-8825FA28D39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "069D3AF1-92EB-493C-B465-AD080D16A0C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A74B84-7805-4DB3-B589-C95A41538258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC0B895-B214-44F2-8552-D4CE27CA71B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B464004-B108-400A-8EF1-66C9BDDD0431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2E179689-E881-4528-BB29-F0BD41B2611C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DBAEB0E8-B097-44EE-B3C2-674B2E0D880E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED35025A-5A38-4114-BE98-90665BE328A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8269E19-8D3D-4D46-BA38-5B4259279927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7DBACC6D-F45C-4E7F-AF57-5F2636BFAC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.18.4:*:*:*:*:*:*:*",
"matchCriteriaId": "87CC490B-2653-45B2-B76E-27C58F804807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1620ED7-17B5-42B3-A331-EA0DB4F3A73A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA33265-F8EB-4D5F-AFCE-2DBFB6BFED62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA407987-21C8-4930-9D03-B74210490E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8192A381-A80E-4800-A85C-B799AACFE897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "23516598-8E84-4092-BA33-695E7A352175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F90CD7B-E988-4ADA-8809-9220F8309C05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "855A2B51-945A-4007-8F6A-8C198B19BC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A8B83EE-113B-49CC-A168-ED373B8E9F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBF9CF8-AE84-4609-9347-173D1E1D5F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.4:*:*:*:*:*:*:*",
"matchCriteriaId": "527709DC-A1FC-47C0-AC6B-2833EF0CC277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.5:*:*:*:*:*:*:*",
"matchCriteriaId": "15A1B4BE-12A6-43DF-959C-965E75F04875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDFC91E-9123-4729-916F-24E62742B149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0090ED0-AF62-4A40-85E1-5502C0E5B6D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BEACB5-13A1-48DF-BC2A-0AF71B6671BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.21.3:*:*:*:*:*:*:*",
"matchCriteriaId": "154F4DAA-76BF-4948-8258-C42A0B595012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.21.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD61DCAA-F9D3-4FD2-9712-8BA7A9A85241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9240BEED-D541-463F-9398-94ED5D4BDE01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E33A6A0-1B2D-431F-81E1-A5262BCC74E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC71349-603D-41CA-B3EA-B87D85655BB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.22.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF51EEB-10F6-41A9-A1EF-AF1D451B102E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.22.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8216A541-D100-4483-9465-85A5A8F44732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3FD3F9-923B-4FCA-AC67-E79412671842",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8F49AC59-9B97-409A-8C78-5D5738AB361C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.23.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FBA6A3-E6A7-431C-8A64-577E971A144D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.23.3:*:*:*:*:*:*:*",
"matchCriteriaId": "795D282A-9BD3-409B-8153-1AF98FCD6EB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.23.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9416A79E-C8A7-4027-B2D5-70C2523EDDA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "226369BB-7875-4F49-AF96-B6B358ED5EF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n extractPages de utils/pdfseparate.cc en Poppler anterior a la versi\u00f3n 0.24.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un nombre de archivo fuente."
}
],
"id": "CVE-2013-4473",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-23T11:55:04.633",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://bugs.debian.org/723124"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/utils/pdfseparate.cc?id=b8682d868ddf7f741e93b"
},
{
"source": "secalert@redhat.com",
"url": "http://cgit.freedesktop.org/poppler/poppler/tree/NEWS"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/56567"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-201401-21.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/10/29/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/63368"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2958-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=69434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bugs.debian.org/723124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/utils/pdfseparate.cc?id=b8682d868ddf7f741e93b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cgit.freedesktop.org/poppler/poppler/tree/NEWS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/56567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201401-21.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/10/29/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/63368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2958-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=69434"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-05 04:29
Modified
2024-11-21 04:20
Severity ?
Summary
An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.74.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.74.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9510DB6-607C-49C3-B38B-FA3A6F280B74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Poppler 0.74.0. Hay un problema de desreferencia de puntero NULL en la funci\u00f3n SplashClip::clipAALine en splash/SplashClip.cc."
}
],
"id": "CVE-2019-10873",
"lastModified": "2024-11-21T04:20:01.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-05T04:29:01.013",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107862"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/748"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4042-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-02 01:29
Modified
2025-04-20 01:37
Severity ?
Summary
The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.freedesktop.org/show_bug.cgi?id=103045 | Exploit, Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2018/dsa-4079 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.freedesktop.org/show_bug.cgi?id=103045 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4079 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.59.0 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.59.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84B23F71-9304-4434-92CE-489B893E833C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack."
},
{
"lang": "es",
"value": "La funci\u00f3n FoFiTrueType::getCFFBlock en FoFiTrueType.cc en Poppler 0.59.0 tiene una vulnerabilidad de desreferencia de puntero NULL debida a la ausencia de validaci\u00f3n de un puntero de tabla, lo que permite a un atacante provocar un ataque de denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2017-14977",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-02T01:29:00.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=103045"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=103045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-25 23:29
Modified
2024-11-21 03:48
Severity ?
Summary
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | * | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| debian | debian_linux | 8.0 | |
| redhat | ansible_tower | 3.3.0 | |
| redhat | openshift_container_platform | 3.11 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA5EEC25-ED7A-46F1-B7E8-CB184E674DB0",
"versionEndIncluding": "0.62.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_tower:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5817E2DF-3920-4886-A709-C51A70A6B7AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file."
},
{
"lang": "es",
"value": "Poppler hasta la versi\u00f3n 0.62 contiene una vulnerabilidad de lectura fuera de l\u00edmites debido a un acceso incorrecto a la memoria que no se mapea en su espacio de memoria, tal y como queda demostrado con pdfunite. Esto puede resultar en la corrupci\u00f3n de memoria y una denegaci\u00f3n de servicio (DoS). Esto podr\u00eda ser explotable cuando una v\u00edctima abre un archivo PDF especialmente manipulado."
}
],
"id": "CVE-2018-13988",
"lastModified": "2024-11-21T03:48:22.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-25T23:29:00.243",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/148661/PDFunite-0.62.0-Buffer-Overflow.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3140"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-13988"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602838"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3757-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/148661/PDFunite-0.62.0-Buffer-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-13988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3757-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-02-26 23:29
Modified
2024-11-21 04:51
Severity ?
Summary
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.74.0 | |
| debian | debian_linux | 8.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.74.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9510DB6-607C-49C3-B38B-FA3A6F280B74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
},
{
"lang": "es",
"value": "Existe un \"infraescritura\" de b\u00fafer basado en memoria din\u00e1mica (heap) en mageStream::getLine() en Stream.cc en la versi\u00f3n 0.74.0 de Poppler que puede, por ejemplo, desencadenarse mediante el env\u00edo de un archivo PDF manipulado al binario pdfimages. Permite a un atacante provocar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) o tener otro impacto no especificado."
}
],
"id": "CVE-2019-9200",
"lastModified": "2024-11-21T04:51:11.523",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-26T23:29:00.307",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107172"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/728"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.loginsoft.com/bugs/heap-based-buffer-underwrite-in-imagestreamgetline-poppler-0-74-0/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3905-1/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.loginsoft.com/bugs/heap-based-buffer-underwrite-in-imagestreamgetline-poppler-0-74-0/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3905-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4042-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 04:26
Severity ?
Summary
An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | * | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E495365-0100-4946-A7BA-D4CBD1EA45EF",
"versionEndIncluding": "0.78.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Poppler hasta versi\u00f3n 0.78.0. Se presenta un error de divisi\u00f3n por cero en la funci\u00f3n SplashOutputDev::tilingPatternFill en el archivo SplashOutputDev.cc."
}
],
"id": "CVE-2019-14494",
"lastModified": "2024-11-21T04:26:51.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-01T17:15:13.673",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/802"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/317"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AHYAM32PALHQXL3O4DKIJ3EJB6AKBOVC/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLAQBLBIIL3A5XZQYR4MG3Z4LIPIC42P/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4091-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AHYAM32PALHQXL3O4DKIJ3EJB6AKBOVC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLAQBLBIIL3A5XZQYR4MG3Z4LIPIC42P/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4091-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-12 17:29
Modified
2025-04-20 01:37
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| talos-cna@cisco.com | http://www.securityfocus.com/bid/99497 | Third Party Advisory, VDB Entry | |
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99497 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.53.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.53.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F00C454-6F80-4468-8FD3-DCBDFDF1438B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de desbordamiento de pila explotable en la funcionalidad de renderizado de im\u00e1genes de Poppler versi\u00f3n 0.53.0. Un PDF espec\u00edficamente creado puede causar un n\u00famero excesivamente grande de componentes de color durante el renderizado de im\u00e1genes, resultando en una corrupci\u00f3n de la pila. Un archivo PDF controlado por un atacante puede ser usado para desencadenar esta vulnerabilidad."
}
],
"id": "CVE-2017-2818",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-12T17:29:00.497",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99497"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-10 15:29
Modified
2024-11-21 03:19
Severity ?
Summary
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | * | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.10 | |
| canonical | ubuntu_linux | 18.04 | |
| redhat | ansible_tower | 3.3 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9361705-A469-4AC8-9F0A-5FD1EEC9580A",
"versionEndIncluding": "0.64.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5319543-0143-4E2E-AA77-B7F116C1336C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops."
},
{
"lang": "es",
"value": "La funci\u00f3n FoFiType1C::cvtGlyph en fofi/FoFiType1C.cc en Poppler 0.64.0 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (recursi\u00f3n infinita) mediante un archivo PDF manipulado, tal y como demuestra pdftops."
}
],
"id": "CVE-2017-18267",
"lastModified": "2024-11-21T03:19:43.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-10T15:29:00.220",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3140"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.freedesktop.org/show_bug.cgi?id=103238"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3647-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.freedesktop.org/show_bug.cgi?id=103238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3647-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-11 14:15
Modified
2024-11-21 05:28
Severity ?
Summary
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.freedesktop.org/poppler/poppler/-/issues/1016 | Exploit, Issue Tracking, Patch | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.freedesktop.org/poppler/poppler/-/issues/1016 | Exploit, Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 20.12.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:20.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED965244-90F8-4284-A3E5-009B0154501F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function."
}
],
"id": "CVE-2020-36024",
"lastModified": "2024-11-21T05:28:40.890",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-11T14:15:11.577",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1016"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-06 23:29
Modified
2024-11-21 03:42
Severity ?
Summary
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | * | |
| canonical | ubuntu_linux | 14.04 | |
| debian | debian_linux | 8.0 | |
| redhat | ansible_tower | 3.3 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B4871F-D168-43EC-A552-CEC1759175D2",
"versionEndExcluding": "0.41.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5319543-0143-4E2E-AA77-B7F116C1336C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected."
},
{
"lang": "es",
"value": "Hay una desreferencia de puntero NULL en la funci\u00f3n AnnotPath::getCoordsLength en Annot.h en un paquete de Ubuntu para Poppler 0.24.5. Se podr\u00eda realizar un ataque de denegaci\u00f3n de servicio remoto con una entrada especialmente manipulada. Los paquetes posteriores de Ubuntu, como los de Poppler 0.41.0 no se han visto afectados."
}
],
"id": "CVE-2018-10768",
"lastModified": "2024-11-21T03:42:00.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-06T23:29:00.300",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3140"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=106408"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3647-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=106408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3647-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-24 19:15
Modified
2025-02-28 14:43
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | ipados | * | |
| apple | iphone_os | * | |
| apple | iphone_os | * | |
| apple | mac_os_x | * | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | macos | * | |
| apple | watchos | * | |
| xpdfreader | xpdf | * | |
| freedesktop | poppler | * |
{
"cisaActionDue": "2021-11-17",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Apple Multiple Products Integer Overflow Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD67B72-0B1D-46A8-A149-8149ED749FEC",
"versionEndExcluding": "14.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5998D71C-A481-4F0C-AA06-B1FF0E6664A0",
"versionEndExcluding": "12.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "478E12B4-50EB-4CB2-9C50-D8F08127FB12",
"versionEndExcluding": "14.8",
"versionStartIncluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8A73F8-3074-4B32-B9F6-343B6B1988C5",
"versionEndExcluding": "10.15.7",
"versionStartIncluding": "10.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
"matchCriteriaId": "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*",
"matchCriteriaId": "F12CC8B5-C1EB-419E-8496-B9A3864656AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
"matchCriteriaId": "F1F4BF7F-90D4-4668-B4E6-B06F4070F448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
"matchCriteriaId": "0F441A43-1669-478D-9EC8-E96882DE4F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
"matchCriteriaId": "D425C653-37A2-448C-BF2F-B684ADB08A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*",
"matchCriteriaId": "A54D63B7-B92B-47C3-B1C5-9892E5873A98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*",
"matchCriteriaId": "3456176F-9185-4EE2-A8CE-3D989D674AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F52D69C-8621-4E01-ABDE-8473A590BCB6",
"versionEndExcluding": "11.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3232C3B6-D79F-4FDB-9621-4E314798AD7D",
"versionEndExcluding": "7.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B98328A-2A47-438F-886B-1A6AF87990DF",
"versionEndExcluding": "4.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10A7D6AF-D14E-4AD5-A9B8-12337347DC09",
"versionEndExcluding": "22.09.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
},
{
"lang": "es",
"value": "Se ha solucionado un desbordamiento de enteros con una validaci\u00f3n de entrada mejorada. Este problema se soluciona en la actualizaci\u00f3n de seguridad 2021-005 Catalina, iOS 14.8 y iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. El procesamiento de un PDF malintencionado puede conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente."
}
],
"id": "CVE-2021-30860",
"lastModified": "2025-02-28T14:43:40.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2021-08-24T19:15:14.370",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/25"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/26"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/27"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/28"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/38"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/39"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/40"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/50"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202209-21"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212804"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212805"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212806"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212807"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT212824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/38"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/39"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/40"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/50"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202209-21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT212824"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-22 19:16
Modified
2024-11-21 05:14
Severity ?
Summary
Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.freedesktop.org/poppler/poppler/-/issues/936 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.freedesktop.org/poppler/poppler/-/issues/936 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.89.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.89.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37F154FB-CCC1-4CA4-8124-767AE24BC59D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input."
},
{
"lang": "es",
"value": "La recursi\u00f3n incontrolada en pdfinfo y pdftops en poppler 0.89.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de una entrada manipulada.\n"
}
],
"id": "CVE-2020-23804",
"lastModified": "2024-11-21T05:14:05.240",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-22T19:16:19.520",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/936"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-23 11:55
Modified
2025-04-11 00:51
Severity ?
Summary
Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1FAB528-98AD-47D3-99FB-3B1CA071704B",
"versionEndIncluding": "0.24.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28BB4DC8-BCD6-44EB-BD73-C650AF47FE19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB2E8A2B-D2FC-4840-BC26-DB2A0E4DA4E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "81AD541A-77B3-44D3-9442-BAD8888331B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA68DBB-D9AE-4326-AAF4-0D8EF2594107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "037C2903-D964-46E6-9C56-D547E6C40F0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17379F92-64FE-4956-B241-6843726C87D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84EE2328-63E4-4BF3-BBB4-C0C40E54AF43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "03580443-C13D-4ABD-82A9-452EA02D7B45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DB12DC-622F-4F28-A91D-5EC07CEB477D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEF0F47-3F69-4DB0-A7B8-C986A430834F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9664566B-28F7-45DC-B59B-845DF2AA635E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3790BFE0-971B-46DE-B060-1D0F408F54BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C48D7A7C-0B5E-41B0-B873-0AEAD4D79034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8CC2DA-01A9-426C-8A43-39F35DEB4D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8644AD8-7867-483A-B9A2-7663F53B4640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8850C474-5EA2-4BC5-B9D1-099F8BE161EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A1B9CB74-99FB-4ED2-A173-AE325CCA0890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4A8973-84AF-434B-B0F5-958CEAFCEFE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6706D8-CB52-4CDA-938E-B44AAA687D94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.5.90:*:*:*:*:*:*:*",
"matchCriteriaId": "408E7D83-8D04-4584-AFA6-42196A6D99B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.5.91:*:*:*:*:*:*:*",
"matchCriteriaId": "6059804F-09AF-4D66-B297-85A21E8725D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B627E11-43A6-41BE-9BD6-AD5C99B35D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3ADA618A-D673-44BF-ABFA-8EB95EEF0102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "335FA773-87BC-440E-99BC-46805D9ADA7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1DA1DA-94FB-41A7-BCB5-1118E5983A0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8BD46429-7295-43ED-8541-7AD3CAAB2B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A5ECCE4-7586-4EEB-9085-7D8DB49E28EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8240022B-EF85-4C18-9B47-CA7DDC125CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3098380E-14D2-4DD4-A6A5-70F5D3A256EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8B978283-552D-4573-B318-E6FDFBFAE09C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6544F688-064C-4004-A3B1-DBFEF6D3B601",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50E91CA0-674F-4ECD-B58B-1CCD85A8B497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B1618F-71A0-4796-892A-7E1B61BB5729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7AD8C3-6F02-4D32-9B7C-41F865030BDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEFD9C7-768F-4751-9242-1206A63D8E2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC42677-F36E-4E6B-88CB-2B34E690D0ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D05260-CE4B-4EDF-879A-E4CB0C174A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CA54F7CA-4B73-40AF-BF78-B76CA901AD44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "47FC185E-9D39-491F-A1FD-F48ACC07E966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B2CA2BF-AF2A-40AC-AAAA-5D9FA77DEB0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE791B58-693B-447C-A949-4915D08707A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "66BE0E8A-4816-4530-911D-73F4E4EC7621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "271E2F6D-5DAC-4B48-A6DC-C1BD5424D7BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2578912-1929-4CCC-B718-60279F5DD9DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8739E30F-7987-4749-926A-45B53220D95B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "907F732E-2AC2-4C66-B240-03C5B1A8BE89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "36176CB9-CB8A-4B54-855D-76D0C9FFA4A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E6F617-47EA-40A7-8140-D220F73895C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3BFF932F-B15C-426C-8368-918BD5397326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E2EF83-C5EF-4A07-9690-D1659AB88AED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "906DB5B3-3AD3-4763-9B97-0875485701AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF81A03-C47B-4250-BF4C-C637662876EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE65D66E-F51E-4B14-901D-8EA47C128CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF00D9C1-07DE-43DF-8185-A06406F61ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6B36DB5-6D7D-475D-BD6B-AF1401C41EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "443737A0-75DE-436D-81C0-FC94CB23F2FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F7D0BBE-D4B4-4CF2-91F1-50864DC92F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "03727E0E-E5E9-40EF-B3B6-05B600F04282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DC337D-EBB4-403D-B32D-7B195725CD05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0AEF3348-5BB0-45CB-B59B-4A90EEAAF2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "949E12C4-97BA-4D56-B18E-4AC032834D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40A9D590-FF77-4181-B46C-668249A9B255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B0CC3B1-C3F6-4211-9B68-5ACD0834F8CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F4179FF-0856-4F0E-8487-3B9B94D89DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D991BB6-38E6-4E0B-8C15-6EC5F3058DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "379D1862-1EF5-462B-9727-D3F4E14FEB3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A60E0080-2617-40C1-8796-DDE2846546BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC44976-236F-4796-B7B7-FFF107B44F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "47D1FC9F-4DFD-4923-9C70-0EA3A7F95F8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AB53D75E-917C-4D01-960B-4E6503C19E83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2CD559C-B0FD-4ED1-AB8B-93EFB1B536FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E970BB-37CA-441C-8D2E-CAEBA1E4671A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ADA83F24-7708-4751-BE4F-A33EFF77D1BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3896B9F2-83A0-40AB-A3BC-20BE0415B5F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E6C7D9F-BC8C-4C31-AC76-978E7E461571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78CCF102-5C54-49AC-9CE5-A2E1CD062C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF9EBACF-EE24-4991-B7D0-DCA028A699DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE9AD76-9D5A-4EED-816F-84D12D2617BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "043A5C6F-8E1D-4B4F-9F47-8C9A331AA13A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.5:*:*:*:*:*:*:*",
"matchCriteriaId": "039CF6A6-6273-4BA7-B517-075AAA8F206D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "79708E36-EBBE-43E8-918C-A006DAE59D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7DF74129-BF02-4CB2-8813-8825FA28D39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "069D3AF1-92EB-493C-B465-AD080D16A0C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A74B84-7805-4DB3-B589-C95A41538258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC0B895-B214-44F2-8552-D4CE27CA71B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B464004-B108-400A-8EF1-66C9BDDD0431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2E179689-E881-4528-BB29-F0BD41B2611C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DBAEB0E8-B097-44EE-B3C2-674B2E0D880E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED35025A-5A38-4114-BE98-90665BE328A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8269E19-8D3D-4D46-BA38-5B4259279927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7DBACC6D-F45C-4E7F-AF57-5F2636BFAC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.18.4:*:*:*:*:*:*:*",
"matchCriteriaId": "87CC490B-2653-45B2-B76E-27C58F804807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1620ED7-17B5-42B3-A331-EA0DB4F3A73A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA33265-F8EB-4D5F-AFCE-2DBFB6BFED62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA407987-21C8-4930-9D03-B74210490E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8192A381-A80E-4800-A85C-B799AACFE897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "23516598-8E84-4092-BA33-695E7A352175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F90CD7B-E988-4ADA-8809-9220F8309C05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "855A2B51-945A-4007-8F6A-8C198B19BC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A8B83EE-113B-49CC-A168-ED373B8E9F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBF9CF8-AE84-4609-9347-173D1E1D5F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.4:*:*:*:*:*:*:*",
"matchCriteriaId": "527709DC-A1FC-47C0-AC6B-2833EF0CC277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.5:*:*:*:*:*:*:*",
"matchCriteriaId": "15A1B4BE-12A6-43DF-959C-965E75F04875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDFC91E-9123-4729-916F-24E62742B149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0090ED0-AF62-4A40-85E1-5502C0E5B6D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BEACB5-13A1-48DF-BC2A-0AF71B6671BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.21.3:*:*:*:*:*:*:*",
"matchCriteriaId": "154F4DAA-76BF-4948-8258-C42A0B595012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.21.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD61DCAA-F9D3-4FD2-9712-8BA7A9A85241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9240BEED-D541-463F-9398-94ED5D4BDE01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E33A6A0-1B2D-431F-81E1-A5262BCC74E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC71349-603D-41CA-B3EA-B87D85655BB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.22.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF51EEB-10F6-41A9-A1EF-AF1D451B102E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.22.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8216A541-D100-4483-9465-85A5A8F44732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3FD3F9-923B-4FCA-AC67-E79412671842",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8F49AC59-9B97-409A-8C78-5D5738AB361C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.23.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FBA6A3-E6A7-431C-8A64-577E971A144D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.23.3:*:*:*:*:*:*:*",
"matchCriteriaId": "795D282A-9BD3-409B-8153-1AF98FCD6EB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.23.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9416A79E-C8A7-4027-B2D5-70C2523EDDA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "226369BB-7875-4F49-AF96-B6B358ED5EF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename."
},
{
"lang": "es",
"value": "Vulnerabilidad de formato de cadena en la funci\u00f3n extractPages en utils/pdfseparate.cc de Poppler anterior a la versi\u00f3n 024.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de especificadores de cadena en un nombre de archivo de destino."
}
],
"id": "CVE-2013-4474",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-23T11:55:04.663",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.debian.org/723124"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=61f79b8447c3ac8ab5a26e79e0c28053ffdccf75"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/56567"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-201401-21.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/10/29/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/63374"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2958-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=69434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/723124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=61f79b8447c3ac8ab5a26e79e0c28053ffdccf75"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/56567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201401-21.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/10/29/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/63374"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2958-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=69434"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-05 19:15
Modified
2024-11-21 06:55
Severity ?
Summary
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 22.03.0 | |
| fedoraproject | fedora | 36 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:22.03.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3275CC-EE89-4017-A7B8-5AB48E74615E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file."
},
{
"lang": "es",
"value": "Un error l\u00f3gico en la funci\u00f3n Hints::Hints de Poppler versi\u00f3n v22.03.0, permite a atacantes causar una denegaci\u00f3n de servicio (DoS) por medio de un archivo PDF dise\u00f1ado"
}
],
"id": "CVE-2022-27337",
"lastModified": "2024-11-21T06:55:36.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-05T19:15:07.830",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230#note_1372177"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOTDUXJOKDYO4I7MKHLT5NBGTN5E7FHQ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230#note_1372177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOTDUXJOKDYO4I7MKHLT5NBGTN5E7FHQ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5224"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-13 20:15
Modified
2024-11-21 01:21
Severity ?
Summary
poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-201310-03.xml | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/security/cve/cve-2010-4654 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4654 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2010-4654 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201310-03.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2010-4654 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4654 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2010-4654 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "044C98CE-789D-4FA1-9C0E-8B082A65A82A",
"versionEndExcluding": "0.16.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack."
},
{
"lang": "es",
"value": "poppler versiones anteriores a la versi\u00f3n 0.16.3, tiene comandos malformados que pueden corromper la pila interna."
}
],
"id": "CVE-2010-4654",
"lastModified": "2024-11-21T01:21:27.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-13T20:15:10.660",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201310-03.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4654"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4654"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201310-03.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4654"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-02 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.freedesktop.org/show_bug.cgi?id=100776 | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201801-17 | Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2018/dsa-4079 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.freedesktop.org/show_bug.cgi?id=100776 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201801-17 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4079 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.54.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.54.0:*:*:*:*:*:*:*",
"matchCriteriaId": "740347EF-5003-40B2-863C-D86A246DD21B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file."
},
{
"lang": "es",
"value": "En Poppler 0.54.0 se ha encontrado una vulnerabilidad de filtrado de memoria en la funci\u00f3n Object::initArray en Object.cc que permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante un archivo manipulado."
}
],
"id": "CVE-2017-9408",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-02T19:29:00.353",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=100776"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201801-17"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=100776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201801-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-01 19:29
Modified
2024-11-21 04:51
Severity ?
Summary
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/107238 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://gitlab.freedesktop.org/poppler/poppler/issues/730 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107238 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.freedesktop.org/poppler/poppler/issues/730 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.74.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.74.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9510DB6-607C-49C3-B38B-FA3A6F280B74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Poppler 0.74.0. Se puede desencadenar una llamada de funci\u00f3n recursiva en JBIG2Stream::readGenericBitmap(), ubicada en JBIG2Stream.cc, mediante el env\u00edo de un archivo pdf manipulado a, por ejemplo, el binario pdfseparate. Permite que un atacante provoque una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) o, posiblemente, otro impacto sin especificar. Esto est\u00e1 relacionado con JArithmeticDecoder::decodeBit."
}
],
"id": "CVE-2019-9543",
"lastModified": "2024-11-21T04:51:49.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-01T19:29:02.743",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107238"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/730"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/730"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-29 16:55
Modified
2025-04-12 10:46
Severity ?
Summary
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | * | |
| freedesktop | poppler | 0.13.0 | |
| freedesktop | poppler | 0.13.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E10840C4-0CA0-49F9-BC12-E672D464331B",
"versionEndIncluding": "0.13.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0AEF3348-5BB0-45CB-B59B-4A90EEAAF2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "949E12C4-97BA-4D56-B18E-4AC032834D14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file."
},
{
"lang": "es",
"value": "DCTStream.cc en Poppler anterior a 0.13.3 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un fichero PDF manipulado."
}
],
"id": "CVE-2010-5110",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-08-29T16:55:09.903",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/poppler/DCTStream.cc?id=fc071d800cb4329a3ccf898d7bf16b4db7323ad8"
},
{
"source": "secalert@redhat.com",
"url": "http://comments.gmane.org/gmane.comp.security.oss.general/11132"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/59857"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=26280"
},
{
"source": "secalert@redhat.com",
"url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140817-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/poppler/DCTStream.cc?id=fc071d800cb4329a3ccf898d7bf16b4db7323ad8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://comments.gmane.org/gmane.comp.security.oss.general/11132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=26280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140817-1.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-08 05:29
Modified
2024-11-21 04:52
Severity ?
Summary
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.74.0 | |
| fedoraproject | fedora | 28 | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.74.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9510DB6-607C-49C3-B38B-FA3A6F280B74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function."
},
{
"lang": "es",
"value": "Poppler en su versi\u00f3n 0.74.0, tiene una sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap) en la funci\u00f3n CairoRescaleBox.cc downsample_row_box_filter."
}
],
"id": "CVE-2019-9631",
"lastModified": "2024-11-21T04:52:00.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-08T05:29:00.733",
"references": [
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/736"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00011.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4042-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-08 23:29
Modified
2024-11-21 04:20
Severity ?
Summary
FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.75.0 | |
| fedoraproject | fedora | 28 | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.75.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C936F57A-BD6D-4E20-8ED1-3315626E8FE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc."
},
{
"lang": "es",
"value": "FontInfoScanner::scanFonts en FontInfo.cc en Poppler 0.75.0 tiene una recursi\u00f3n infinita, que lleva a una llamada a la funci\u00f3n de error en Error.cc."
}
],
"id": "CVE-2019-11026",
"lastModified": "2024-11-21T04:20:23.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-08T23:29:00.900",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/752"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5JWQE2WP4W4F2FEYPYJQBPQIOG75MVH/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.loginsoft.com/bugs/1508/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5JWQE2WP4W4F2FEYPYJQBPQIOG75MVH/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.loginsoft.com/bugs/1508/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-19 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.freedesktop.org/show_bug.cgi?id=101084 | Exploit, Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201801-17 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.freedesktop.org/show_bug.cgi?id=101084 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201801-17 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.54.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.54.0:*:*:*:*:*:*:*",
"matchCriteriaId": "740347EF-5003-40B2-863C-D86A246DD21B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file."
},
{
"lang": "es",
"value": "En poppler versi\u00f3n 0.54.0, como es usado en Evince y otros productos, presenta una desreferencia de puntero NULL en la funci\u00f3n JPXStream::readUByte en el archivo JPXStream.cc. Por ejemplo, la utilidad perf_test se bloquear\u00e1 (por fallo de segmentaci\u00f3n) al analizar un archivo PDF inv\u00e1lido."
}
],
"id": "CVE-2017-9083",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-19T16:29:00.197",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=101084"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201801-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=101084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201801-17"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-30 01:29
Modified
2025-04-20 01:37
Severity ?
Summary
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.freedesktop.org/show_bug.cgi?id=102607 | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.freedesktop.org/show_bug.cgi?id=102607 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.59.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.59.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84B23F71-9304-4434-92CE-489B893E833C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document."
},
{
"lang": "es",
"value": "En Poppler 0.59.0, existe una desreferencia de puntero NULL en AnnotRichMedia::Configuration::Configuration en Annot.cc mediante un documento PDF manipulado."
}
],
"id": "CVE-2017-14928",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-30T01:29:02.273",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102607"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-22 19:16
Modified
2024-11-21 07:16
Severity ?
Summary
An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 22.08.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:22.08.0:*:*:*:*:*:*:*",
"matchCriteriaId": "032FA2DC-3A55-4599-BFC7-ECF428D33247",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Poppler 22.08.0. Hay una aserci\u00f3n alcanzable en Object.h, provocar\u00e1 una denegaci\u00f3n de servicio porque PDFDoc::replacePageDict en PDFDoc.cc carece de una comprobaci\u00f3n de flujo antes de guardar un archivo incrustado."
}
],
"id": "CVE-2022-38349",
"lastModified": "2024-11-21T07:16:18.617",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-22T19:16:23.880",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/4564a002bcb6094cc460bc0d5ddff9423fe6dd28"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/4564a002bcb6094cc460bc0d5ddff9423fe6dd28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1282"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-17 23:29
Modified
2025-04-20 01:37
Severity ?
Summary
In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.59.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.59.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84B23F71-9304-4434-92CE-489B893E833C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document."
},
{
"lang": "es",
"value": "En Poppler 0.59.0, existe una desreferencia de puntero NULL en la funci\u00f3n XRef::parseEntry() en XRef.cc mediante un documento PDF manipulado."
}
],
"id": "CVE-2017-14517",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-17T23:29:00.263",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/105050"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102687"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/105050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2018/dsa-4079"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-02 01:29
Modified
2025-04-20 01:37
Severity ?
Summary
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.freedesktop.org/show_bug.cgi?id=102653 | Exploit, Issue Tracking, VDB Entry, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2018/dsa-4079 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.freedesktop.org/show_bug.cgi?id=102653 | Exploit, Issue Tracking, VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4079 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.59.0 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.59.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84B23F71-9304-4434-92CE-489B893E833C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack."
},
{
"lang": "es",
"value": "La funci\u00f3n FoFiType1C::convertToType0 en FoFiType1C.cc en Poppler 0.59.0 tiene una vulnerabilidad de desreferencia de puntero NULL porque una estructura de datos no se inicializa, lo que permite a un atacante provocar un ataque de denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2017-14975",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-02T01:29:00.593",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"VDB Entry",
"Vendor Advisory"
],
"url": "https://bugzilla.freedesktop.org/show_bug.cgi?id=102653"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"VDB Entry",
"Vendor Advisory"
],
"url": "https://bugzilla.freedesktop.org/show_bug.cgi?id=102653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-02 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.freedesktop.org/show_bug.cgi?id=100775 | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201801-17 | Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2018/dsa-4079 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.freedesktop.org/show_bug.cgi?id=100775 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201801-17 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4079 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.54.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.54.0:*:*:*:*:*:*:*",
"matchCriteriaId": "740347EF-5003-40B2-863C-D86A246DD21B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file."
},
{
"lang": "es",
"value": "En Poppler 0.54.0 se ha encontrado una vulnerabilidad de filtrado de memoria en la funci\u00f3n gmalloc en gmem.cc que permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante un archivo manipulado."
}
],
"id": "CVE-2017-9406",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-02T19:29:00.277",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=100775"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201801-17"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=100775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201801-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-03 17:15
Modified
2024-11-21 05:21
Severity ?
Summary
A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1900712 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1900712 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | * | |
| redhat | enterprise_linux | 8.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "534622E2-1F18-4BF6-9EB4-AEC57E77AA81",
"versionEndExcluding": "0.76.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the \u0027pdftohtml\u0027 program, would crash the application causing a denial of service."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en Poppler en la manera en que determinados archivos PDF se convert\u00edan a HTML. Un atacante remoto podr\u00eda explotar este fallo proporcionando un archivo PDF malicioso que, cuando se procesaba por el programa \"pdftohtml\", bloquear\u00eda la aplicaci\u00f3n y provocar\u00eda una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2020-27778",
"lastModified": "2024-11-21T05:21:49.083",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-03T17:15:13.097",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900712"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-824"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-824"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-22 15:15
Modified
2024-11-21 04:52
Severity ?
Summary
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux_eus | 8.1 | |
| redhat | enterprise_linux_eus | 8.2 | |
| redhat | enterprise_linux_eus | 8.4 | |
| redhat | enterprise_linux_eus | 8.6 | |
| redhat | enterprise_linux_server_aus | 8.2 | |
| redhat | enterprise_linux_server_aus | 8.4 | |
| redhat | enterprise_linux_server_aus | 8.6 | |
| redhat | enterprise_linux_server_tus | 8.2 | |
| redhat | enterprise_linux_server_tus | 8.4 | |
| redhat | enterprise_linux_server_tus | 8.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E495365-0100-4946-A7BA-D4CBD1EA45EF",
"versionEndIncluding": "0.78.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JPXStream::init function in Poppler 0.78.0 and earlier doesn\u0027t check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo."
},
{
"lang": "es",
"value": "La funci\u00f3n JPXStream::init en Poppler versi\u00f3n 0.78.0 y anteriores, no comprueba los valores negativos de la longitud de la transmisi\u00f3n, lo que conlleva a un Desbordamiento de Enteros, y por lo tanto hace posible asignar una gran fragmento de memoria en la pila, con un tama\u00f1o controlado por un atacante, como es demostrado por pdftocairo."
}
],
"id": "CVE-2019-9959",
"lastModified": "2024-11-21T04:52:40.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-22T15:15:10.613",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/109342"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/blob/master/NEWS"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ZOYOZTGU4RGZW4E63OZ7LW4SMPEWGBV/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6NX2XPMMV7O52F4NBNCHGILGJXM3OJZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/109342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/blob/master/NEWS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ZOYOZTGU4RGZW4E63OZ7LW4SMPEWGBV/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6NX2XPMMV7O52F4NBNCHGILGJXM3OJZ/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-22 19:15
Modified
2024-11-21 07:15
Severity ?
Summary
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xpdfreader | xpdf | 4.04 | |
| freedesktop | poppler | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.04:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB8219E-FA52-45B5-A332-CE34400630BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10A7D6AF-D14E-4AD5-A9B8-12337347DC09",
"versionEndExcluding": "22.09.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics)."
},
{
"lang": "es",
"value": "Xpdf versiones anteriores a 4.04, contiene un desbordamiento de enteros en el decodificador JBIG2 (la funci\u00f3n JBIG2Stream::readSymbolDictSeg() en el archivo JBIG2Stream.cc). El procesamiento de un archivo PDF o una imagen JBIG2 especialmente dise\u00f1ados podr\u00eda conllevar a un fallo o una ejecuci\u00f3n de c\u00f3digo arbitrario. Esto es similar a la vulnerabilidad descrita por CVE-2021-30860 (Apple CoreGraphics)."
}
],
"id": "CVE-2022-38171",
"lastModified": "2024-11-21T07:15:56.110",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-22T19:15:11.060",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.xpdfreader.com/security-fixes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://dl.xpdfreader.com/xpdf-4.04.tar.gz"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/jeffssh/CVE-2021-30860"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.xpdfreader.com/security-fixes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://dl.xpdfreader.com/xpdf-4.04.tar.gz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/jeffssh/CVE-2021-30860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30860"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-07-30 23:17
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | cups | * | |
| freedesktop | poppler | * | |
| gpdf_project | gpdf | * | |
| xpdfreader | xpdf | 3.02 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 4.0 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 6.10 | |
| canonical | ubuntu_linux | 7.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08916364-08F4-4416-B84E-2BDD2DC0A3EB",
"versionEndIncluding": "1.3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B64EB12-180D-4943-93C5-D99E05DE8422",
"versionEndExcluding": "0.5.91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gpdf_project:gpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4AA11D-1589-49C3-AF7F-89C25F5E017B",
"versionEndExcluding": "2.8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:3.02:*:*:*:*:*:*:*",
"matchCriteriaId": "14CC22C3-4195-4207-AAA4-E72F22334517",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function."
},
{
"lang": "es",
"value": "Un desbordamiento de enteros en la funci\u00f3n StreamPredictor::StreamPredictor en xpdf versi\u00f3n 3.02, tal como es usado en (1) poppler anterior a versi\u00f3n 0.5.91, (2) gpdf anterior a versi\u00f3n 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, ( 6) PDFedit, y otros productos, podr\u00edan permitir que los atacantes remotos ejecuten c\u00f3digo arbitrario por medio de un archivo PDF creado que causa un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria, en la funci\u00f3n StreamPredictor::getNextLine."
}
],
"id": "CVE-2007-3387",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-07-30T23:17:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=187139"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/40127"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26188"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26251"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26254"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26255"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26257"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26278"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26281"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26283"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26292"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26293"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26297"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26307"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26318"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26325"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26342"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26343"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26358"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26365"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26370"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26395"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26403"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26405"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26407"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26410"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26413"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26425"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26432"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26436"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26467"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26468"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26470"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26514"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26607"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26627"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26862"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26982"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27156"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27281"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27308"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27637"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/30168"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-12.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-17.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-20.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.761882"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=535497"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1347"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1348"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1349"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1350"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1352"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1354"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1355"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1357"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.kde.org/info/security/advisory-20070730-1.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:158"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:159"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:160"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:161"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:162"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:163"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:165"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0720.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0729.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0730.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0731.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0732.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0735.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/476508/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/476519/30/5400/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/476765/30/5340/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25124"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018473"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.423670"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-496-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-496-2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2704"
},
{
"source": "secalert@redhat.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2705"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://issues.foresightlinux.org/browse/FL-471"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://issues.rpath.com/browse/RPL-1596"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://issues.rpath.com/browse/RPL-1604"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=187139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/40127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26281"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26425"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27281"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/30168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-12.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-17.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-20.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.761882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=535497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.kde.org/info/security/advisory-20070730-1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0729.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0730.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0731.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0732.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0735.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/476508/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/476519/30/5400/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/476765/30/5340/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.423670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-496-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-496-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://issues.foresightlinux.org/browse/FL-471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://issues.rpath.com/browse/RPL-1596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://issues.rpath.com/browse/RPL-1604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-04-09 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD83B11-3EAC-4EF5-8E4B-664B9DC75E52",
"versionEndIncluding": "0.22.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function."
},
{
"lang": "es",
"value": "poppler/Stream.cc en poppler anterior a 0.22.1 permite a atacantes dependientes de contexto tener un impacto no especificado a trav\u00e9s de vectores que provocan una lectura de memoria no inicializada por la funci\u00f3n CCITTFaxStream::lookChar"
}
],
"id": "CVE-2013-1790",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-04-09T20:55:01.913",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=b1026b5978c385328f2a15a2185c599a563edf91"
},
{
"source": "secalert@redhat.com",
"url": "http://j00ru.vexillium.org/?p=1507"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52846"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-1785-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2013/dsa-2719"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:143"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/4"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/8"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=b1026b5978c385328f2a15a2185c599a563edf91"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://j00ru.vexillium.org/?p=1507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1785-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917111"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-01-26 01:55
Modified
2025-04-11 00:51
Severity ?
Summary
The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "470EC7C4-3102-4DFF-AF5A-C7F8ED2822B6",
"versionEndIncluding": "0.24.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28BB4DC8-BCD6-44EB-BD73-C650AF47FE19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB2E8A2B-D2FC-4840-BC26-DB2A0E4DA4E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "81AD541A-77B3-44D3-9442-BAD8888331B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA68DBB-D9AE-4326-AAF4-0D8EF2594107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "271E2F6D-5DAC-4B48-A6DC-C1BD5424D7BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2578912-1929-4CCC-B718-60279F5DD9DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8739E30F-7987-4749-926A-45B53220D95B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "907F732E-2AC2-4C66-B240-03C5B1A8BE89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "36176CB9-CB8A-4B54-855D-76D0C9FFA4A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E6F617-47EA-40A7-8140-D220F73895C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3BFF932F-B15C-426C-8368-918BD5397326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E2EF83-C5EF-4A07-9690-D1659AB88AED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "906DB5B3-3AD3-4763-9B97-0875485701AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF81A03-C47B-4250-BF4C-C637662876EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE65D66E-F51E-4B14-901D-8EA47C128CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF00D9C1-07DE-43DF-8185-A06406F61ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6B36DB5-6D7D-475D-BD6B-AF1401C41EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "443737A0-75DE-436D-81C0-FC94CB23F2FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F7D0BBE-D4B4-4CF2-91F1-50864DC92F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "03727E0E-E5E9-40EF-B3B6-05B600F04282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DC337D-EBB4-403D-B32D-7B195725CD05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0AEF3348-5BB0-45CB-B59B-4A90EEAAF2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "949E12C4-97BA-4D56-B18E-4AC032834D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40A9D590-FF77-4181-B46C-668249A9B255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B0CC3B1-C3F6-4211-9B68-5ACD0834F8CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F4179FF-0856-4F0E-8487-3B9B94D89DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D991BB6-38E6-4E0B-8C15-6EC5F3058DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "379D1862-1EF5-462B-9727-D3F4E14FEB3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A60E0080-2617-40C1-8796-DDE2846546BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC44976-236F-4796-B7B7-FFF107B44F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "47D1FC9F-4DFD-4923-9C70-0EA3A7F95F8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AB53D75E-917C-4D01-960B-4E6503C19E83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2CD559C-B0FD-4ED1-AB8B-93EFB1B536FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E970BB-37CA-441C-8D2E-CAEBA1E4671A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ADA83F24-7708-4751-BE4F-A33EFF77D1BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3896B9F2-83A0-40AB-A3BC-20BE0415B5F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E6C7D9F-BC8C-4C31-AC76-978E7E461571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78CCF102-5C54-49AC-9CE5-A2E1CD062C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF9EBACF-EE24-4991-B7D0-DCA028A699DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE9AD76-9D5A-4EED-816F-84D12D2617BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "043A5C6F-8E1D-4B4F-9F47-8C9A331AA13A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.5:*:*:*:*:*:*:*",
"matchCriteriaId": "039CF6A6-6273-4BA7-B517-075AAA8F206D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "79708E36-EBBE-43E8-918C-A006DAE59D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.16.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7DF74129-BF02-4CB2-8813-8825FA28D39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "069D3AF1-92EB-493C-B465-AD080D16A0C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A74B84-7805-4DB3-B589-C95A41538258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC0B895-B214-44F2-8552-D4CE27CA71B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B464004-B108-400A-8EF1-66C9BDDD0431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2E179689-E881-4528-BB29-F0BD41B2611C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DBAEB0E8-B097-44EE-B3C2-674B2E0D880E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED35025A-5A38-4114-BE98-90665BE328A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8269E19-8D3D-4D46-BA38-5B4259279927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7DBACC6D-F45C-4E7F-AF57-5F2636BFAC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.18.4:*:*:*:*:*:*:*",
"matchCriteriaId": "87CC490B-2653-45B2-B76E-27C58F804807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1620ED7-17B5-42B3-A331-EA0DB4F3A73A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA33265-F8EB-4D5F-AFCE-2DBFB6BFED62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA407987-21C8-4930-9D03-B74210490E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8192A381-A80E-4800-A85C-B799AACFE897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "23516598-8E84-4092-BA33-695E7A352175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F90CD7B-E988-4ADA-8809-9220F8309C05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "855A2B51-945A-4007-8F6A-8C198B19BC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A8B83EE-113B-49CC-A168-ED373B8E9F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBF9CF8-AE84-4609-9347-173D1E1D5F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.4:*:*:*:*:*:*:*",
"matchCriteriaId": "527709DC-A1FC-47C0-AC6B-2833EF0CC277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.5:*:*:*:*:*:*:*",
"matchCriteriaId": "15A1B4BE-12A6-43DF-959C-965E75F04875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDFC91E-9123-4729-916F-24E62742B149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0090ED0-AF62-4A40-85E1-5502C0E5B6D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BEACB5-13A1-48DF-BC2A-0AF71B6671BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.21.3:*:*:*:*:*:*:*",
"matchCriteriaId": "154F4DAA-76BF-4948-8258-C42A0B595012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.21.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD61DCAA-F9D3-4FD2-9712-8BA7A9A85241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9240BEED-D541-463F-9398-94ED5D4BDE01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E33A6A0-1B2D-431F-81E1-A5262BCC74E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC71349-603D-41CA-B3EA-B87D85655BB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.22.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF51EEB-10F6-41A9-A1EF-AF1D451B102E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.22.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8216A541-D100-4483-9465-85A5A8F44732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3FD3F9-923B-4FCA-AC67-E79412671842",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8F49AC59-9B97-409A-8C78-5D5738AB361C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.23.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FBA6A3-E6A7-431C-8A64-577E971A144D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.23.3:*:*:*:*:*:*:*",
"matchCriteriaId": "795D282A-9BD3-409B-8153-1AF98FCD6EB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.23.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9416A79E-C8A7-4027-B2D5-70C2523EDDA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "226369BB-7875-4F49-AF96-B6B358ED5EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2448981A-3CEE-432B-87C4-646E3D782F2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.24.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C88AC80-9F18-4E16-B5FD-C17CB71EF645",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file."
},
{
"lang": "es",
"value": "El m\u00e9todo JBIG2Stream :: readSegments en JBIG2Stream.cc en Poppler antes de 0.24.5 no utiliza el especificador correcto dentro de una cadena de formato, que permite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un archivo PDF manipulado."
}
],
"id": "CVE-2013-7296",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-26T01:55:13.423",
"references": [
{
"source": "cve@mitre.org",
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee39370283c494ee2e4e392fd3b684"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125710.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2014/q1/105"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2014/q1/97"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56567"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/56776"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201401-21.xml"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048199"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee39370283c494ee2e4e392fd3b684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125710.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2014/q1/105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2014/q1/97"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/56776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201401-21.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90552"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-02-03 03:29
Modified
2024-11-21 04:47
Severity ?
Summary
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.73.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| fedoraproject | fedora | 28 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_eus | 8.1 | |
| redhat | enterprise_linux_eus | 8.2 | |
| redhat | enterprise_linux_eus | 8.4 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 8.2 | |
| redhat | enterprise_linux_server_aus | 8.4 | |
| redhat | enterprise_linux_server_tus | 8.2 | |
| redhat | enterprise_linux_server_tus | 8.4 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.73.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6AE723-15A2-4657-8B20-CC2223411AF2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo."
},
{
"lang": "es",
"value": "En la versi\u00f3n 0.73.0 de Poppler, una sobrelectura de b\u00fafer (debido a un error en la propiedad signedness de un n\u00famero entero en la funci\u00f3n XRef::getEntry function en XRef.cc) basada en memoria din\u00e1mica (heap) permite a los atacantes remotos causar una denegaci\u00f3n de servicio (cierre inesperado de la aplicaci\u00f3n) o, potencialmente, otro impacto no especificado mediante un documento PDF manipulado, tal y como queda demostrado con pdftocairo."
}
],
"id": "CVE-2019-7310",
"lastModified": "2024-11-21T04:47:58.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-03T03:29:00.277",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106829"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Permissions Required",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/717"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3886-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Permissions Required",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3886-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-681"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-21 18:29
Modified
2024-11-21 04:52
Severity ?
Summary
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.74.0 | |
| fedoraproject | fedora | 28 | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| debian | debian_linux | 10.0 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
| canonical | ubuntu_linux | 19.04 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux_eus | 8.1 | |
| redhat | enterprise_linux_eus | 8.2 | |
| redhat | enterprise_linux_eus | 8.4 | |
| redhat | enterprise_linux_eus | 8.6 | |
| redhat | enterprise_linux_server_aus | 8.2 | |
| redhat | enterprise_linux_server_aus | 8.4 | |
| redhat | enterprise_linux_server_aus | 8.6 | |
| redhat | enterprise_linux_server_tus | 8.2 | |
| redhat | enterprise_linux_server_tus | 8.4 | |
| redhat | enterprise_linux_server_tus | 8.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.74.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9510DB6-607C-49C3-B38B-FA3A6F280B74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary."
},
{
"lang": "es",
"value": "PDFDoc::markObject en PDFDoc.cc en Poppler 0.74.0 gestiona de manera incorrecta el marcado de diccionarios, que conduce al consumo de pila en la funci\u00f3n Dict::find() en Dict.cc, que puede (por ejemplo) desencadenarse pasando un archivo pdf manipulado al binario pdfunite."
}
],
"id": "CVE-2019-9903",
"lastModified": "2024-11-21T04:52:32.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-21T18:29:00.660",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/107560"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/741"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.loginsoft.com/bugs/stack-based-buffer-overflows-in-dictfind-poppler-0-74-0/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/107560"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.loginsoft.com/bugs/stack-based-buffer-overflows-in-dictfind-poppler-0-74-0/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4042-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-30 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B464004-B108-400A-8EF1-66C9BDDD0431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2E179689-E881-4528-BB29-F0BD41B2611C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DBAEB0E8-B097-44EE-B3C2-674B2E0D880E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED35025A-5A38-4114-BE98-90665BE328A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8269E19-8D3D-4D46-BA38-5B4259279927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7DBACC6D-F45C-4E7F-AF57-5F2636BFAC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.18.4:*:*:*:*:*:*:*",
"matchCriteriaId": "87CC490B-2653-45B2-B76E-27C58F804807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1620ED7-17B5-42B3-A331-EA0DB4F3A73A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA33265-F8EB-4D5F-AFCE-2DBFB6BFED62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA407987-21C8-4930-9D03-B74210490E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8192A381-A80E-4800-A85C-B799AACFE897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "23516598-8E84-4092-BA33-695E7A352175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F90CD7B-E988-4ADA-8809-9220F8309C05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "855A2B51-945A-4007-8F6A-8C198B19BC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A8B83EE-113B-49CC-A168-ED373B8E9F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBF9CF8-AE84-4609-9347-173D1E1D5F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.4:*:*:*:*:*:*:*",
"matchCriteriaId": "527709DC-A1FC-47C0-AC6B-2833EF0CC277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.20.5:*:*:*:*:*:*:*",
"matchCriteriaId": "15A1B4BE-12A6-43DF-959C-965E75F04875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDFC91E-9123-4729-916F-24E62742B149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0090ED0-AF62-4A40-85E1-5502C0E5B6D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BEACB5-13A1-48DF-BC2A-0AF71B6671BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.21.3:*:*:*:*:*:*:*",
"matchCriteriaId": "154F4DAA-76BF-4948-8258-C42A0B595012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.21.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD61DCAA-F9D3-4FD2-9712-8BA7A9A85241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9240BEED-D541-463F-9398-94ED5D4BDE01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E33A6A0-1B2D-431F-81E1-A5262BCC74E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC71349-603D-41CA-B3EA-B87D85655BB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.22.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF51EEB-10F6-41A9-A1EF-AF1D451B102E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.22.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8216A541-D100-4483-9465-85A5A8F44732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.22.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F85615D2-85A2-4FD0-835B-D4920E89966C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3FD3F9-923B-4FCA-AC67-E79412671842",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8F49AC59-9B97-409A-8C78-5D5738AB361C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.23.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FBA6A3-E6A7-431C-8A64-577E971A144D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.23.3:*:*:*:*:*:*:*",
"matchCriteriaId": "795D282A-9BD3-409B-8153-1AF98FCD6EB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.23.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9416A79E-C8A7-4027-B2D5-70C2523EDDA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "226369BB-7875-4F49-AF96-B6B358ED5EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2448981A-3CEE-432B-87C4-646E3D782F2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.24.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C88AC80-9F18-4E16-B5FD-C17CB71EF645",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.24.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E4EAD55A-8FB3-45A3-9A1B-B122FB43B85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.24.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B77F65E7-EB4E-47DA-ABBE-F567E640A130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.24.5:*:*:*:*:*:*:*",
"matchCriteriaId": "44DE4C6F-0A10-4646-98A0-CC3EC354106E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.25.0:*:*:*:*:*:*:*",
"matchCriteriaId": "115B8110-637D-4537-B55F-BBF17FD5CA47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.25.1:*:*:*:*:*:*:*",
"matchCriteriaId": "188DA744-4043-48E6-9654-5AA544B71C56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.25.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48E56212-1ED1-4501-907D-AD89EBF5CA93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.25.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E766F143-B220-4BA2-B919-D93010389156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.26.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E88AF71B-0B40-48A3-BA28-7EF4F770D931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E9C28-1F08-457E-8E9C-7906461FFFB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.26.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4831F246-6BBA-439A-B531-A7ACAF3A0F70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.26.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7651591C-8581-47CB-BB73-F8ABFA12FF50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.26.4:*:*:*:*:*:*:*",
"matchCriteriaId": "067C6A60-EB47-4C64-A425-5849461975D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.26.5:*:*:*:*:*:*:*",
"matchCriteriaId": "79049531-300B-406B-BA61-C061F623A234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.28.0:*:*:*:*:*:*:*",
"matchCriteriaId": "456B9F7A-3477-4C52-AA98-4048472D8F97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.28.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58C3FF6D-64AA-4C0E-B8C5-F6A5DB55123D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.29.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44169D4B-E7F4-4EBA-8194-44B40FD23E6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.30.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D882F4-0E9F-4706-B2D9-9E673361B019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.31.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A2A6BD-4AFF-4FEB-BAD5-AC2CBF43955F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.32.0:*:*:*:*:*:*:*",
"matchCriteriaId": "269376B9-48D9-4635-9319-428359EDD878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.33.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD8F8D2-450F-4444-A06D-CAAAE4FC8F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.34.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8C81C3-1CD1-4468-91AF-C42C7CC96ABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.35.0:*:*:*:*:*:*:*",
"matchCriteriaId": "829E041C-D50E-47E4-AE79-F83359610EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.36.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CB75D4B-C71F-4FFD-9EB6-CB4B1EEFAC60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.37.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55EE5D3F-1CF1-438B-BC64-E71209CFB143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.38.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F533478-2BB4-4FB7-8624-C69AE2E33B3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.39.0:*:*:*:*:*:*:*",
"matchCriteriaId": "75BD6DA0-031A-402D-8FA8-5BDEDBF06CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.40.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2549859C-C034-4D65-90CE-9345956956CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.41.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A56532E-9E1A-48B9-BF63-BE780E57C346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.42.0:*:*:*:*:*:*:*",
"matchCriteriaId": "179270EF-94DD-49B8-A51C-DAA743A9F34A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.43.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42F76112-FB22-4747-8BA1-A3DA5697B4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.44.0:*:*:*:*:*:*:*",
"matchCriteriaId": "505309BB-8F47-42A0-A54F-4A8DD5B76332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.45.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3021150D-E502-499F-BD1A-8C257FE05CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.46.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE940DE8-E301-4FEC-9EF3-49DAA2D74B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.47.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8EF57B4-D092-421D-825F-BA3E61E2982F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.48.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4C58C87-0646-4B38-8D9D-B3A6223E7D1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.49.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6137D912-BE3A-4859-8839-78E7531552E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.50.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC76599A-3943-4247-8675-44554C7DE07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.51.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF10096F-19F7-47EA-9C04-DC40F41E6562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.52.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66BD66B6-F645-4830-9F37-104A75FCB838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.53.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F00C454-6F80-4468-8FD3-DCBDFDF1438B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.54.0:*:*:*:*:*:*:*",
"matchCriteriaId": "740347EF-5003-40B2-863C-D86A246DD21B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.55.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD5175D-E501-4679-8B24-5FBABD6FF1CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents."
},
{
"lang": "es",
"value": "poppler desde versi\u00f3n 0.17.3, ha sido vulnerable a una desreferencia del puntero NULL en pdfunite desencadenada por documentos especialmente dise\u00f1ados."
}
],
"id": "CVE-2017-7511",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-30T18:29:00.287",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cgit.freedesktop.org/poppler/poppler/commit/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/201801-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cgit.freedesktop.org/poppler/poppler/commit/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201801-17"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-25 13:29
Modified
2025-04-20 01:37
Severity ?
Summary
The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html | Third Party Advisory | |
| cve@mitre.org | https://bugs.freedesktop.org/show_bug.cgi?id=100774 | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201801-17 | Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/4042-1/ | ||
| cve@mitre.org | https://www.debian.org/security/2018/dsa-4079 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.freedesktop.org/show_bug.cgi?id=100774 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201801-17 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4042-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4079 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.54.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.54.0:*:*:*:*:*:*:*",
"matchCriteriaId": "740347EF-5003-40B2-863C-D86A246DD21B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc."
},
{
"lang": "es",
"value": "La funci\u00f3n GfxImageColorMap::getGray en el archivo GfxState.cc de Poppler 0.54.0 permite a una atacante remoto causar una denegaci\u00f3n de servicio (buffer overflow basado en pila -stack- y ca\u00edda de la aplicaci\u00f3n mediante un documento PDF manipulado, relacionado con la p\u00e9rdida de la validaci\u00f3n del mapa de color en el archivo ImageOutputDev.cc."
}
],
"id": "CVE-2017-9865",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-25T13:29:00.180",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=100774"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201801-17"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=100774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201801-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-22 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/99240 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2550 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2551 | Third Party Advisory | |
| cve@mitre.org | https://bugs.freedesktop.org/show_bug.cgi?id=101541 | Issue Tracking, Patch, Vendor Advisory | |
| cve@mitre.org | https://www.debian.org/security/2018/dsa-4079 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99240 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2550 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2551 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.freedesktop.org/show_bug.cgi?id=101541 | Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4079 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5923FAB1-BD60-4C09-9242-211F9D8FDEE1",
"versionEndIncluding": "0.55.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document."
},
{
"lang": "es",
"value": "Un desbordamiento de enteros que conduce a un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en JBIG2Stream.cc en pdftocairo en Poppler en versiones anteriores a la 0.56 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (cierre inesperado de la aplicaci\u00f3n) o, posiblemente, cualquier otro tipo de problema mediante un documento PDF modificado."
}
],
"id": "CVE-2017-9776",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-22T21:29:00.340",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99240"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2550"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2551"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=101541"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=101541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-22 19:16
Modified
2024-11-21 07:14
Severity ?
Summary
A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 22.07.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:22.07.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C423A5DA-DDB6-41EB-8E6B-4DFD4D03FE42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject."
},
{
"lang": "es",
"value": "Una aserci\u00f3n alcanzable Object::getString en Poppler 22.07.0 permite a los atacantes causar una denegaci\u00f3n de servicio debido a un fallo en markObject."
}
],
"id": "CVE-2022-37052",
"lastModified": "2024-11-21T07:14:21.557",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-22T19:16:23.800",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/8677500399fc2548fa816b619580c2c07915a98c"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/8677500399fc2548fa816b619580c2c07915a98c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1278"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-04-09 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD83B11-3EAC-4EF5-8E4B-664B9DC75E52",
"versionEndIncluding": "0.22.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions."
},
{
"lang": "es",
"value": "splash/Splash.cc en poppler anterior a v0.22.1 \r\npermite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (referencia NULL y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de vectores relacionados con las funciones (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, y (3) Splash::scaleMaskYuXu."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\r\n\u0027CWE-476: NULL Pointer Dereference\u0027",
"id": "CVE-2013-1789",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-04-09T20:55:01.880",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2"
},
{
"source": "secalert@redhat.com",
"url": "http://j00ru.vexillium.org/?p=1507"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52846"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-1785-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/4"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/8"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://j00ru.vexillium.org/?p=1507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1785-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917109"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-01 19:29
Modified
2024-11-21 04:51
Severity ?
Summary
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.freedesktop.org/poppler/poppler/issues/731 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadtextregion-poppler-0-74-0/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.freedesktop.org/poppler/poppler/issues/731 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadtextregion-poppler-0-74-0/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.74.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.74.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9510DB6-607C-49C3-B38B-FA3A6F280B74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Poppler 0.74.0. Se puede desencadenar una llamada de funci\u00f3n recursiva en JBIG2Stream::readTextRegion(), ubicada en JBIG2Stream.cc, mediante el env\u00edo de un archivo pdf manipulado a, por ejemplo, el binario pdfimages. Permite que un atacante provoque una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) o, posiblemente, otro impacto sin especificar. Esto est\u00e1 relacionado con JBIG2Bitmap::clearToZero."
}
],
"id": "CVE-2019-9545",
"lastModified": "2024-11-21T04:51:49.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-01T19:29:02.930",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/731"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadtextregion-poppler-0-74-0/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadtextregion-poppler-0-74-0/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-17 22:29
Modified
2025-04-20 01:37
Severity ?
Summary
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.freedesktop.org/show_bug.cgi?id=103016 | Exploit, Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2018/dsa-4079 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.freedesktop.org/show_bug.cgi?id=103016 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4079 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.59.0 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.59.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84B23F71-9304-4434-92CE-489B893E833C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document."
},
{
"lang": "es",
"value": "En Poppler 0.59.0, existe una desreferencia de puntero NULL en la funci\u00f3n GfxImageColorMap::getGrayLine() en GfxState.cc mediante un documento PDF manipulado."
}
],
"id": "CVE-2017-15565",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-17T22:29:00.433",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=103016"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=103016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-17 23:29
Modified
2025-04-20 01:37
Severity ?
Summary
In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.59.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.59.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84B23F71-9304-4434-92CE-489B893E833C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document."
},
{
"lang": "es",
"value": "En Poppler 0.59.0, existe una excepci\u00f3n de punto flotante en la funci\u00f3n isImageInterpolationRequired() en Splash.cc mediante un documento PDF manipulado."
}
],
"id": "CVE-2017-14518",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-17T23:29:00.310",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102688"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2018/dsa-4079"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-12 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| talos-cna@cisco.com | http://www.securityfocus.com/bid/99497 | Broken Link, Third Party Advisory, VDB Entry | |
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2017-0321 | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99497 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2017-0321 | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.53.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.53.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F00C454-6F80-4468-8FD3-DCBDFDF1438B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de desbordamiento de enteros explotable en la funcionalidad de an\u00e1lisis de im\u00e1genes JPEG 2000 de freedesktop.org de Poppler versi\u00f3n 0.53.0. Un archivo PDF especialmente creado puede conllevar a un desbordamiento de enteros causando una sobreescritura de memoria fuera de l\u00edmites en la pila, resultando en una potencial ejecuci\u00f3n de c\u00f3digo arbitraria. Para desencadenar esta vulnerabilidad, una v\u00edctima necesita abrir el PDF malicioso en una aplicaci\u00f3n usando esta biblioteca."
}
],
"id": "CVE-2017-2820",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-12T17:29:00.530",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99497"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0321"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-03 13:29
Modified
2024-11-21 04:01
Severity ?
Summary
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.72.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| fedoraproject | fedora | 28 | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
| canonical | ubuntu_linux | 19.04 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_eus | 8.1 | |
| redhat | enterprise_linux_eus | 8.2 | |
| redhat | enterprise_linux_eus | 8.4 | |
| redhat | enterprise_linux_eus | 8.6 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 8.2 | |
| redhat | enterprise_linux_server_aus | 8.4 | |
| redhat | enterprise_linux_server_aus | 8.6 | |
| redhat | enterprise_linux_server_tus | 8.2 | |
| redhat | enterprise_linux_server_tus | 8.4 | |
| redhat | enterprise_linux_server_tus | 8.6 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.72.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F021BE1-4D2A-4D00-9491-714CD38A7B2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing."
},
{
"lang": "es",
"value": "En la versi\u00f3n 0.72.0 de Poppler, PDFDoc::setup en PDFDoc.cc permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (cierre inesperado de la aplicaci\u00f3n provocado por un SIGABRT en Object.h debido a un valor de retorno incorrecto de PDFDoc::setup) manipulando un archivo PDF en el que la estructura de datos xref se maneja de manera incorrecta durante el procesamiento de extractPDFSubtype."
}
],
"id": "CVE-2018-20662",
"lastModified": "2024-11-21T04:01:57.143",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-03T13:29:00.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/706"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4042-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-06 14:29
Modified
2025-04-20 01:37
Severity ?
Summary
poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugs.freedesktop.org/show_bug.cgi?id=101208 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.freedesktop.org/show_bug.cgi?id=101208 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5923FAB1-BD60-4C09-9242-211F9D8FDEE1",
"versionEndIncluding": "0.55.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service."
},
{
"lang": "es",
"value": "poppler hasta versi\u00f3n 0.55.0, es vulnerable a una recursi\u00f3n no controlada en pdfunite resultando en una potencial denegaci\u00f3n de servicio."
}
],
"id": "CVE-2017-7515",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-06T14:29:00.967",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=101208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=101208"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-11-05 18:00
Modified
2025-04-11 00:51
Severity ?
Summary
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | cups | * | |
| freedesktop | poppler | * | |
| xpdfreader | xpdf | * | |
| xpdfreader | xpdf | 3.02 | |
| xpdfreader | xpdf | 3.02 | |
| xpdfreader | xpdf | 3.02 | |
| xpdfreader | xpdf | 3.02 | |
| xpdfreader | xpdf | 3.02 | |
| fedoraproject | fedora | 12 | |
| fedoraproject | fedora | 13 | |
| fedoraproject | fedora | 14 | |
| opensuse | opensuse | 11.1 | |
| opensuse | opensuse | 11.2 | |
| opensuse | opensuse | 11.3 | |
| suse | linux_enterprise_server | 9 | |
| suse | linux_enterprise_server | 10 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 11 | |
| debian | debian_linux | 5.0 | |
| debian | debian_linux | 6.0 | |
| redhat | enterprise_linux_desktop | 5.0 | |
| redhat | enterprise_linux_server | 5.0 | |
| redhat | enterprise_linux_workstation | 5.0 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 8.04 | |
| canonical | ubuntu_linux | 9.04 | |
| canonical | ubuntu_linux | 9.10 | |
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 10.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08916364-08F4-4416-B84E-2BDD2DC0A3EB",
"versionEndIncluding": "1.3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0432A227-B3A9-4672-B661-96C3F2F47764",
"versionEndIncluding": "0.15.1",
"versionStartIncluding": "0.8.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8444F877-A312-4E37-9754-60CC7DE24CA2",
"versionEndIncluding": "3.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:3.02:-:*:*:*:*:*:*",
"matchCriteriaId": "AA082A3C-AF4F-4436-BE42-C38D88A5154F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:3.02:pl1:*:*:*:*:*:*",
"matchCriteriaId": "0509A882-65AF-41CA-AE90-CD59B8779354",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:3.02:pl2:*:*:*:*:*:*",
"matchCriteriaId": "7B92D9ED-E5B3-420E-BBDB-C84518807F1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:3.02:pl3:*:*:*:*:*:*",
"matchCriteriaId": "C892F205-4326-455E-8563-02971A93E3EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:3.02:pl4:*:*:*:*:*:*",
"matchCriteriaId": "27F45309-0915-497C-BFAE-D9CA6A5D8C15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*",
"matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*",
"matchCriteriaId": "BDE52846-24EC-4068-B788-EC7F915FFF11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*",
"matchCriteriaId": "79A35457-EAA3-4BF9-A4DA-B2E414A75A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*",
"matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
"matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
"matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference."
},
{
"lang": "es",
"value": "La funci\u00f3n Gfx::getPos en el analizador PDF en Xpdf versi\u00f3n anterior a 3.02 PL5, Poppler versi\u00f3n 0.8.7 y posiblemente otras versiones hasta la 0.15.1, CUPS, kdegraphics, y posiblemente otros productos permite que los atacantes dependiendo del contexto generen una denegaci\u00f3n de servicio (bloqueo) por medio de vectores desconocidos que desencadenan una desreferencia de puntero no inicializada."
}
],
"id": "CVE-2010-3702",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-11-05T18:00:05.017",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42141"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42357"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42397"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42691"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43079"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.571720"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2010/dsa-2119"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2010/dsa-2135"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:228"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:229"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:230"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/04/6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0749.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0750.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0751.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0752.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0753.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0754.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0755.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0859.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/43845"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1005-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2897"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3097"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0230"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=595245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.571720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2010/dsa-2119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2010/dsa-2135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/04/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0749.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0750.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0751.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0752.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0753.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0754.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0755.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0859.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/43845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1005-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=595245"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-07 16:29
Modified
2024-11-21 03:57
Severity ?
Summary
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.71.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.71.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D1648838-8F3F-48EF-BF4F-A0978B0FF94F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Poppler 0.71.0. Hay un aborto alcanzable en Object.h, que conducir\u00e1 a una denegaci\u00f3n de servicio (DoS) debido a que EmbFile::save2 en FileSpec.cc carece de una comprobaci\u00f3n de flujo antes de guardar un archivo embebido."
}
],
"id": "CVE-2018-19058",
"lastModified": "2024-11-21T03:57:14.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-07T16:29:00.737",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/659"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3837-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3837-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-670"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-10 19:29
Modified
2024-11-21 03:57
Severity ?
Summary
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | * | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29B57352-9CB8-4D72-932B-0765F2C47639",
"versionEndExcluding": "0.70.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment."
},
{
"lang": "es",
"value": "Poppler en versiones anteriores a 0.70.0 tiene una desreferencia de puntero NULL en _poppler_attachment_new cuando se llama desde poppler_annot_fichero_attachment_attachment_get_attachment."
}
],
"id": "CVE-2018-19149",
"lastModified": "2024-11-21T03:57:25.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-10T19:29:00.290",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106031"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/664"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201904-04"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3837-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3837-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201904-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3837-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3837-2/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-02 07:29
Modified
2024-11-21 03:56
Severity ?
Summary
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.71.0 | |
| debian | debian_linux | 10.0 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
| canonical | ubuntu_linux | 19.04 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_eus | 8.1 | |
| redhat | enterprise_linux_eus | 8.2 | |
| redhat | enterprise_linux_eus | 8.4 | |
| redhat | enterprise_linux_eus | 8.6 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 8.2 | |
| redhat | enterprise_linux_server_aus | 8.4 | |
| redhat | enterprise_linux_server_aus | 8.6 | |
| redhat | enterprise_linux_server_tus | 8.2 | |
| redhat | enterprise_linux_server_tus | 8.4 | |
| redhat | enterprise_linux_server_tus | 8.6 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.71.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D1648838-8F3F-48EF-BF4F-A0978B0FF94F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Poppler 0.71.0. Hay una fuga de memoria en GfxColorSpace::setDisplayProfile in GfxState.cc, tal y como queda demostrado con pdftocairo."
}
],
"id": "CVE-2018-18897",
"lastModified": "2024-11-21T03:56:50.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-02T07:29:00.343",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/654"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4042-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-22 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/99241 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2551 | Third Party Advisory | |
| cve@mitre.org | https://bugs.freedesktop.org/show_bug.cgi?id=101540 | Issue Tracking, Patch, Vendor Advisory | |
| cve@mitre.org | https://www.debian.org/security/2018/dsa-4079 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99241 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2551 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.freedesktop.org/show_bug.cgi?id=101540 | Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4079 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 7.4 | |
| redhat | enterprise_linux_server_aus | 7.6 | |
| redhat | enterprise_linux_server_eus | 7.4 | |
| redhat | enterprise_linux_server_eus | 7.5 | |
| redhat | enterprise_linux_server_eus | 7.6 | |
| redhat | enterprise_linux_server_tus | 7.4 | |
| redhat | enterprise_linux_server_tus | 7.6 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5923FAB1-BD60-4C09-9242-211F9D8FDEE1",
"versionEndIncluding": "0.55.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer basado en pila en JBIG2Stream.cc en pdftocairo en Poppler en versiones anteriores a la 0.56 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (cierre inesperado de la aplicaci\u00f3n) mediante un documento PDF modificado."
}
],
"id": "CVE-2017-9775",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-22T21:29:00.307",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99241"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2551"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=101540"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=101540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-22 14:23
Modified
2025-04-12 10:46
Severity ?
Summary
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | * | |
| freedesktop | poppler | 0.24.0 | |
| freedesktop | poppler | 0.24.1 | |
| freedesktop | poppler | 0.24.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "470EC7C4-3102-4DFF-AF5A-C7F8ED2822B6",
"versionEndIncluding": "0.24.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "226369BB-7875-4F49-AF96-B6B358ED5EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2448981A-3CEE-432B-87C4-646E3D782F2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.24.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C88AC80-9F18-4E16-B5FD-C17CB71EF645",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names."
},
{
"lang": "es",
"value": "La funci\u00f3n openTempFile en goo/gfile.cc en Xpdf y Poppler 0.24.3 y anteriores, cuando funciona en un sistema diferente a Unix, permite a usuarios locales sobrescribir archivos arbitrarios a trav\u00e9s de un ataque symlink sobre archivos temporales con nombres previsibles."
}
],
"id": "CVE-2013-4472",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-22T14:23:34.660",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/99064"
},
{
"source": "secalert@redhat.com",
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/oss-sec/2013/q4/181"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/oss-sec/2013/q4/183"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/99064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q4/181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q4/183"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-05-06 17:59
Modified
2025-04-12 10:46
Severity ?
Summary
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | fedora | 23 | |
| debian | debian_linux | 8.0 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 15.10 | |
| freedesktop | poppler | 0.39.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.39.0:*:*:*:*:*:*:*",
"matchCriteriaId": "75BD6DA0-031A-402D-8FA8-5BDEDBF06CDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en memoria din\u00e1mica en la funci\u00f3n ExponentialFunction::ExponentialFunction en Poppler en versiones anteriores a 0.40.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un modo blend no v\u00e1lido en el diccionario ExtGState en un documento PDF manipulado."
}
],
"id": "CVE-2015-8868",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-05-06T17:59:04.630",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183107.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183142.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00068.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00077.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2580.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3563"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2016/04/12/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/89324"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2958-1"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=93476"
},
{
"source": "cve@mitre.org",
"url": "https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433"
},
{
"source": "cve@mitre.org",
"url": "https://poppler.freedesktop.org/releases.html"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201611-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183107.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183142.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00068.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2580.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2016/04/12/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/89324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2958-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=93476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://poppler.freedesktop.org/releases.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201611-15"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-01 16:29
Modified
2024-11-21 04:01
Severity ?
Summary
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.72.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_eus | 8.1 | |
| redhat | enterprise_linux_eus | 8.2 | |
| redhat | enterprise_linux_eus | 8.4 | |
| redhat | enterprise_linux_eus | 8.6 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 8.2 | |
| redhat | enterprise_linux_server_aus | 8.4 | |
| redhat | enterprise_linux_server_aus | 8.6 | |
| redhat | enterprise_linux_server_tus | 8.2 | |
| redhat | enterprise_linux_server_tus | 8.4 | |
| redhat | enterprise_linux_server_tus | 8.6 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.72.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F021BE1-4D2A-4D00-9491-714CD38A7B2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach."
},
{
"lang": "es",
"value": "Una aserci\u00f3n alcanzable en Object::dictLookup en Poppler 0.72.0 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) debido a la falta de comprobaci\u00f3n del tipo de datos del directorio, tal y como queda demostrado con el uso de la clase FileSpec (en FileSpec.cc) en pdfdetach."
}
],
"id": "CVE-2018-20650",
"lastModified": "2024-11-21T04:01:56.097",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-01T16:29:00.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106459"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/704"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3865-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3865-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-02 18:29
Modified
2024-11-21 03:04
Severity ?
Summary
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.freedesktop.org/show_bug.cgi?id=103116 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2018/01/msg00001.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2018/dsa-4097 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.freedesktop.org/show_bug.cgi?id=103116 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/01/msg00001.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4097 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.60.1 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.60.1:*:*:*:*:*:*:*",
"matchCriteriaId": "204B7040-9839-4994-9871-89D1D0430732",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations."
},
{
"lang": "es",
"value": "freedesktop.org libpoppler 0.60.1 fracasa a la hora de validar l\u00edmites en TextPool::addWord, lo que conduce a un desbordamiento de los c\u00e1lculos posteriores."
}
],
"id": "CVE-2017-1000456",
"lastModified": "2024-11-21T03:04:46.287",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-02T18:29:00.247",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=103116"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=103116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4097"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-06 23:29
Modified
2024-11-21 03:53
Severity ?
Summary
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.68.0 | |
| debian | debian_linux | 8.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.68.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04320373-2826-4FE5-81C8-7402EE777226",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack."
},
{
"lang": "es",
"value": "En Poppler 0.68.0, la funci\u00f3n Parser::getObj() en Parser.cc podr\u00eda provocar una recursi\u00f3n infinita mediante un archivo manipulado. Un atacante remoto puede aprovecharse de esto para provocar un ataque de denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2018-16646",
"lastModified": "2024-11-21T03:53:08.047",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-06T23:29:01.710",
"references": [
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1622951"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00040.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00004.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3837-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3837-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1622951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3837-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3837-2/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-21 14:15
Modified
2024-11-21 09:49
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:5305 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:9167 | ||
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2024-6239 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2293594 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2024-6239 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2293594 | Issue Tracking, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | * | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D378E45-D903-4883-931C-871444E32714",
"versionEndExcluding": "24.06.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Poppler\u0027s Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en la utilidad Pdfinfo de Poppler. Este problema ocurre cuando se usa el par\u00e1metro -dests con la utilidad pdfinfo. Al utilizar ciertos archivos de entrada con formato incorrecto, un atacante podr\u00eda provocar que la utilidad fallara, lo que provocar\u00eda una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2024-6239",
"lastModified": "2024-11-21T09:49:15.570",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-21T14:15:14.007",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:5305"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:9167"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-6239"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-6239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293594"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-05 04:29
Modified
2024-11-21 04:20
Severity ?
Summary
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.74.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.74.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9510DB6-607C-49C3-B38B-FA3A6F280B74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Poppler 0.74.0. Hay una sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap) en la funci\u00f3n PSOutputDev::checkPageSlice en PSOutputDev.cc."
}
],
"id": "CVE-2019-10871",
"lastModified": "2024-11-21T04:20:00.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-05T04:29:00.763",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107862"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/751"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00024.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00025.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-30 01:29
Modified
2025-04-20 01:37
Severity ?
Summary
In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.freedesktop.org/show_bug.cgi?id=102969 | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://www.debian.org/security/2018/dsa-4097 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.freedesktop.org/show_bug.cgi?id=102969 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4097 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.59.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.59.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84B23F71-9304-4434-92CE-489B893E833C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519."
},
{
"lang": "es",
"value": "En Poppler 0.59.0, ocurre una corrupci\u00f3n de memoria en una llamada a Object::dictLookup() en Object.h despu\u00e9s de series repetitivas de llamadas a Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill y Gfx::drawForm (esto tambi\u00e9n se conoce como bucle infinito de Gfx.cc). Esta es una vulnerabilidad diferente a CVE-2017-14519."
}
],
"id": "CVE-2017-14929",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-30T01:29:02.350",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102969"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2018/dsa-4097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102969"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2018/dsa-4097"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-12 17:29
Modified
2025-04-20 01:37
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| talos-cna@cisco.com | http://www.securityfocus.com/bid/99497 | Third Party Advisory, VDB Entry | |
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2017-0311 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99497 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2017-0311 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.53.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.53.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F00C454-6F80-4468-8FD3-DCBDFDF1438B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de desbordamiento de pila explotable en la funcionalidad de renderizado de im\u00e1genes de Poppler versi\u00f3n 0.53.0. Un pdf espec\u00edficamente creado puede causar un cambio de tama\u00f1o de la imagen despu\u00e9s de que la asignaci\u00f3n ya haya ocurrido, resultando en una corrupci\u00f3n de la pila lo que puede conllevar a la ejecuci\u00f3n de c\u00f3digo. Se puede usar un archivo PDF controlado por un atacante para desencadenar esta vulnerabilidad."
}
],
"id": "CVE-2017-2814",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-12T17:29:00.467",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99497"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0311"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-26 04:29
Modified
2024-11-21 04:01
Severity ?
Summary
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.72.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.72.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F021BE1-4D2A-4D00-9491-714CD38A7B2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc."
},
{
"lang": "es",
"value": "XRef::getEntry en XRef.cc en Poppler 0.72.0 gestiona de manera incorrecta las entradas XRef no asignadas, lo que permite que los atacantes remotos provoquen una denegaci\u00f3n de servicio (desreferencia de puntero NULL) mediante un documento PDF manipulado, cuando se llama a XRefEntry::setFlag, en XRef.h, desde Parser::makeStream en Parser.cc."
}
],
"id": "CVE-2018-20481",
"lastModified": "2024-11-21T04:01:34.173",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-26T04:29:00.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106321"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/692"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3865-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3865-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-11 14:15
Modified
2024-11-21 05:28
Severity ?
Summary
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.freedesktop.org/poppler/poppler/-/issues/1013 | Exploit, Issue Tracking, Patch | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.freedesktop.org/poppler/poppler/-/issues/1013 | Exploit, Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 20.12.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:20.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED965244-90F8-4284-A3E5-009B0154501F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function."
}
],
"id": "CVE-2020-36023",
"lastModified": "2024-11-21T05:28:40.690",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-11T14:15:11.513",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1013"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-05 04:29
Modified
2024-11-21 04:20
Severity ?
Summary
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.74.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.74.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9510DB6-607C-49C3-B38B-FA3A6F280B74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Poppler 0.74.0. Hay una sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap) en la funci\u00f3n Splash::blitTransparent en splash/Splash.cc."
}
],
"id": "CVE-2019-10872",
"lastModified": "2024-11-21T04:20:00.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-05T04:29:00.967",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107862"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/750"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/750"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4042-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-25 02:15
Modified
2024-11-21 05:27
Severity ?
Summary
DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 20.12.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:20.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED965244-90F8-4284-A3E5-009B0154501F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects"
},
{
"lang": "es",
"value": "** EN DISPUTA ** La funci\u00f3n DCTStream::getChars en el archivo DCTStream.cc en Poppler versi\u00f3n 20.12.1, presenta un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria por medio de un documento PDF dise\u00f1ado. NOTA: informes posteriores indican que esto s\u00f3lo afecta a las construcciones de los clones de git de Poppler a finales de diciembre de 2020, no a la versi\u00f3n 20.12.1. En esta situaci\u00f3n, NO debe considerarse una vulnerabilidad del Poppler. Sin embargo, varios proyectos de c\u00f3digo abierto de terceros dependen directamente de clones de git Poppler hechos en momentos arbitrarios, y por lo tanto el CVE sigue siendo \u00fatil para los usuarios de esos proyectos"
}
],
"id": "CVE-2020-35702",
"lastModified": "2024-11-21T05:27:52.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-25T02:15:12.900",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-07 16:29
Modified
2024-11-21 03:57
Severity ?
Summary
An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2022 | ||
| cve@mitre.org | https://gitlab.freedesktop.org/poppler/poppler/issues/661 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3837-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2022 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.freedesktop.org/poppler/poppler/issues/661 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3837-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.71.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.71.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D1648838-8F3F-48EF-BF4F-A0978B0FF94F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Poppler 0.71.0. Hay una lectura fuera de l\u00edmites en EmbFile::save2 en FileSpec.cc, que conducir\u00e1 a una denegaci\u00f3n de servicio (DoS), tal y como queda demostrado con utils/pdfdetach.cc al no validar archivos embebidos antes de guardar los intentos."
}
],
"id": "CVE-2018-19059",
"lastModified": "2024-11-21T03:57:14.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-07T16:29:00.940",
"references": [
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/661"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3837-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3837-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-07 16:29
Modified
2024-11-21 03:57
Severity ?
Summary
An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2022 | ||
| cve@mitre.org | https://gitlab.freedesktop.org/poppler/poppler/issues/660 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3837-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2022 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.freedesktop.org/poppler/poppler/issues/660 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3837-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.71.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.71.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D1648838-8F3F-48EF-BF4F-A0978B0FF94F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Poppler 0.71.0. Hay una desreferencia de puntero NULL en goo/GooString.h, que conducir\u00e1 a una denegaci\u00f3n de servicio (DoS), tal y como queda demostrado con utils/pdfdetach.cc al no validar el nombre de archivos embebidos antes de construir una ruta de guardado."
}
],
"id": "CVE-2018-19060",
"lastModified": "2024-11-21T03:57:14.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-07T16:29:01.190",
"references": [
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/660"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3837-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3837-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-31 14:15
Modified
2025-07-09 14:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2AEC600-C354-4873-8CC7-17C3337D6E7D",
"versionEndExcluding": "23.06.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open."
}
],
"id": "CVE-2023-34872",
"lastModified": "2025-07-09T14:15:24.977",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-07-31T14:15:10.427",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XXL3L6RJOTLGCN7GLH2OLLNF4FJ4T7I/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ3NYJ43U2MA7COKGMJDARZUAAOP45D4/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFBT75QHBWNMSDAHSXZQ2I3PBJWID36K/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3H3GOWFE3C7543GMEN7LY4GWMWJ7D2G/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XXL3L6RJOTLGCN7GLH2OLLNF4FJ4T7I/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ3NYJ43U2MA7COKGMJDARZUAAOP45D4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFBT75QHBWNMSDAHSXZQ2I3PBJWID36K/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3H3GOWFE3C7543GMEN7LY4GWMWJ7D2G/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-13 20:15
Modified
2024-11-21 01:21
Severity ?
Summary
An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "044C98CE-789D-4FA1-9C0E-8B082A65A82A",
"versionEndExcluding": "0.16.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts."
},
{
"lang": "es",
"value": "Puede ocurrir una condici\u00f3n de desbordamiento de enteros en poppler versiones anteriores a la versi\u00f3n 0.16.3, cuando analiza CharCodes para las fuentes."
}
],
"id": "CVE-2010-4653",
"lastModified": "2024-11-21T01:21:27.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-13T20:15:10.583",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201310-03.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/45948"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4653"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4653"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201310-03.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/45948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4653"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-09 21:15
Modified
2024-11-21 01:38
Severity ?
Summary
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | * | |
| xpdfreader | xpdf | 3.02 | |
| redhat | enterprise_linux | 5.0 | |
| redhat | enterprise_linux | 6.0 | |
| opensuse | opensuse | 12.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEAC1B59-DA71-4416-A223-790E25848186",
"versionEndExcluding": "0.21.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xpdfreader:xpdf:3.02:*:*:*:*:*:*:*",
"matchCriteriaId": "14CC22C3-4195-4207-AAA4-E72F22334517",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator."
},
{
"lang": "es",
"value": "La funci\u00f3n error en el archivo Error.cc en poppler versiones anteriores a 0.21.4, permite a atacantes remotos ejecutar comandos arbitrarios por medio de un PDF que contiene una secuencia de escape para un emulador terminal."
}
],
"id": "CVE-2012-2142",
"lastModified": "2024-11-21T01:38:35.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-09T21:15:10.967",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/NEWS?id=2bc48d5369f1dbecfc4db2878f33bdeb80d8d90f"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00049.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/09/5"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/09/6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=789936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/NEWS?id=2bc48d5369f1dbecfc4db2878f33bdeb80d8d90f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00049.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/09/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/09/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=789936"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-04-09 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD83B11-3EAC-4EF5-8E4B-664B9DC75E52",
"versionEndIncluding": "0.22.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an \"invalid memory access\" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc."
},
{
"lang": "es",
"value": "poppler anterior a v0.22.1 permite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (ca\u00edda) y, posiblemente, ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores que disparan un \"acceso de memoria invalida\" en (1) splash/Splash.cc, (2) poppler/Function.cc, y (3) poppler/Stream.cc."
}
],
"id": "CVE-2013-1788",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-04-09T20:55:01.850",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=0388837f01bc467045164f9ddaff787000a8caaa"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=8b6dc55e530b2f5ede6b9dfb64aafdd1d5836492"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=957aa252912cde85d76c41e9710b33425a82b696"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=bbc2d8918fe234b7ef2c480eb148943922cc0959"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=e14b6e9c13d35c9bd1e0c50906ace8e707816888"
},
{
"source": "secalert@redhat.com",
"url": "http://j00ru.vexillium.org/?p=1507"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52846"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-1785-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2013/dsa-2719"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:143"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/4"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/8"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=0388837f01bc467045164f9ddaff787000a8caaa"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=8b6dc55e530b2f5ede6b9dfb64aafdd1d5836492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=957aa252912cde85d76c41e9710b33425a82b696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=bbc2d8918fe234b7ef2c480eb148943922cc0959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=e14b6e9c13d35c9bd1e0c50906ace8e707816888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://j00ru.vexillium.org/?p=1507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1785-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917108"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-05 04:15
Modified
2024-11-21 04:02
Severity ?
Summary
Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "534622E2-1F18-4BF6-9EB4-AEC57E77AA81",
"versionEndExcluding": "0.76.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc."
},
{
"lang": "es",
"value": "Poppler anterior de la versi\u00f3n 0.66.0 tiene un desbordamiento de enteros en Parser :: makeStream en Parser.cc."
}
],
"id": "CVE-2018-21009",
"lastModified": "2024-11-21T04:02:41.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-05T04:15:09.870",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-02 01:29
Modified
2025-04-20 01:37
Severity ?
Summary
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.freedesktop.org/show_bug.cgi?id=102724 | Exploit, Issue Tracking, VDB Entry, Vendor Advisory | |
| cve@mitre.org | https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf | Patch, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2018/dsa-4079 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.freedesktop.org/show_bug.cgi?id=102724 | Exploit, Issue Tracking, VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4079 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | poppler | 0.59.0 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:0.59.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84B23F71-9304-4434-92CE-489B893E833C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack."
},
{
"lang": "es",
"value": "La funci\u00f3n FoFiType1C::convertToType0 en FoFiType1C.cc en Poppler 0.59.0 puede sufrir una vulnerabilidad de sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap) si se utiliza una fuente que provoca una indexaci\u00f3n fuera de la memoria, lo que permite a un atacante provocar un ataque de denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2017-14976",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-02T01:29:00.627",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"VDB Entry",
"Vendor Advisory"
],
"url": "https://bugzilla.freedesktop.org/show_bug.cgi?id=102724"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"VDB Entry",
"Vendor Advisory"
],
"url": "https://bugzilla.freedesktop.org/show_bug.cgi?id=102724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-1000456 (GCVE-0-2017-1000456)
Vulnerability from cvelistv5
Published
2018-01-02 18:00
Modified
2024-08-05 22:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:41.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180103 [SECURITY] [DLA 1228-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00001.html"
},
{
"name": "DSA-4097",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4097"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=103116"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-12-29T00:00:00",
"datePublic": "2018-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20180103 [SECURITY] [DLA 1228-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00001.html"
},
{
"name": "DSA-4097",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4097"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=103116"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-12-29",
"ID": "CVE-2017-1000456",
"REQUESTER": "sebastian.feldmann.hb@web.de",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180103 [SECURITY] [DLA 1228-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00001.html"
},
{
"name": "DSA-4097",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4097"
},
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=103116",
"refsource": "MISC",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=103116"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000456",
"datePublished": "2018-01-02T18:00:00",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T22:00:41.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13988 (GCVE-0-2018-13988)
Vulnerability from cvelistv5
Published
2018-07-25 23:00
Modified
2024-08-05 09:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:21:40.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602838"
},
{
"name": "[debian-lts-announce] 20181031 [SECURITY] [DLA 1562-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-13988"
},
{
"name": "RHSA-2018:3505",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name": "RHSA-2018:3140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3140"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/148661/PDFunite-0.62.0-Buffer-Overflow.html"
},
{
"name": "USN-3757-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3757-1/"
},
{
"name": "RHBA-2019:0327",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-24T05:06:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602838"
},
{
"name": "[debian-lts-announce] 20181031 [SECURITY] [DLA 1562-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-13988"
},
{
"name": "RHSA-2018:3505",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name": "RHSA-2018:3140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3140"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/148661/PDFunite-0.62.0-Buffer-Overflow.html"
},
{
"name": "USN-3757-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3757-1/"
},
{
"name": "RHBA-2019:0327",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1602838",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602838"
},
{
"name": "[debian-lts-announce] 20181031 [SECURITY] [DLA 1562-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-13988",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-13988"
},
{
"name": "RHSA-2018:3505",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name": "RHSA-2018:3140",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3140"
},
{
"name": "https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee"
},
{
"name": "http://packetstormsecurity.com/files/148661/PDFunite-0.62.0-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/148661/PDFunite-0.62.0-Buffer-Overflow.html"
},
{
"name": "USN-3757-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3757-1/"
},
{
"name": "RHBA-2019:0327",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-13988",
"datePublished": "2018-07-25T23:00:00",
"dateReserved": "2018-07-11T00:00:00",
"dateUpdated": "2024-08-05T09:21:40.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14926 (GCVE-0-2017-14926)
Vulnerability from cvelistv5
Published
2017-09-29 07:00
Modified
2024-08-05 19:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102601"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-09T01:06:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102601"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14926",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=102601",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102601"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14926",
"datePublished": "2017-09-29T07:00:00",
"dateReserved": "2017-09-29T00:00:00",
"dateUpdated": "2024-08-05T19:42:22.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1789 (GCVE-0-2013-1789)
Vulnerability from cvelistv5
Published
2013-04-09 20:00
Modified
2024-09-16 20:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2013-3457",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html"
},
{
"name": "FEDORA-2013-3473",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html"
},
{
"name": "USN-1785-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1785-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://j00ru.vexillium.org/?p=1507"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917109"
},
{
"name": "52846",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52846"
},
{
"name": "[oss-security] 20130228 Re: CVE Request: poppler 0.22.1 security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec"
},
{
"name": "[oss-security] 20130227 Re: CVE Request: poppler 0.22.1 security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-09T20:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2013-3457",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html"
},
{
"name": "FEDORA-2013-3473",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html"
},
{
"name": "USN-1785-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1785-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://j00ru.vexillium.org/?p=1507"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917109"
},
{
"name": "52846",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52846"
},
{
"name": "[oss-security] 20130228 Re: CVE Request: poppler 0.22.1 security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec"
},
{
"name": "[oss-security] 20130227 Re: CVE Request: poppler 0.22.1 security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2013-3457",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html"
},
{
"name": "FEDORA-2013-3473",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html"
},
{
"name": "USN-1785-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1785-1"
},
{
"name": "http://j00ru.vexillium.org/?p=1507",
"refsource": "MISC",
"url": "http://j00ru.vexillium.org/?p=1507"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=917109",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917109"
},
{
"name": "52846",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52846"
},
{
"name": "[oss-security] 20130228 Re: CVE Request: poppler 0.22.1 security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/8"
},
{
"name": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec"
},
{
"name": "[oss-security] 20130227 Re: CVE Request: poppler 0.22.1 security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/4"
},
{
"name": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1789",
"datePublished": "2013-04-09T20:00:00Z",
"dateReserved": "2013-02-19T00:00:00Z",
"dateUpdated": "2024-09-16T20:16:57.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14519 (GCVE-0-2017-14519)
Vulnerability from cvelistv5
Published
2017-09-17 23:00
Modified
2024-08-05 19:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop).
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:40.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102701"
},
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-08T10:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102701"
},
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=102701",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102701"
},
{
"name": "DSA-4079",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4079"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14519",
"datePublished": "2017-09-17T23:00:00",
"dateReserved": "2017-09-17T00:00:00",
"dateUpdated": "2024-08-05T19:27:40.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9959 (GCVE-0-2019-9959)
Vulnerability from cvelistv5
Published
2019-07-22 14:18
Modified
2024-08-04 22:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:08.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/blob/master/NEWS"
},
{
"name": "109342",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109342"
},
{
"name": "FEDORA-2019-69ec14786b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6NX2XPMMV7O52F4NBNCHGILGJXM3OJZ/"
},
{
"name": "FEDORA-2019-8729e0edf5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ZOYOZTGU4RGZW4E63OZ7LW4SMPEWGBV/"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1963-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00024.html"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The JPXStream::init function in Poppler 0.78.0 and earlier doesn\u0027t check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-26T01:06:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/blob/master/NEWS"
},
{
"name": "109342",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109342"
},
{
"name": "FEDORA-2019-69ec14786b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6NX2XPMMV7O52F4NBNCHGILGJXM3OJZ/"
},
{
"name": "FEDORA-2019-8729e0edf5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ZOYOZTGU4RGZW4E63OZ7LW4SMPEWGBV/"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1963-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00024.html"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JPXStream::init function in Poppler 0.78.0 and earlier doesn\u0027t check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/blob/master/NEWS",
"refsource": "CONFIRM",
"url": "https://gitlab.freedesktop.org/poppler/poppler/blob/master/NEWS"
},
{
"name": "109342",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109342"
},
{
"name": "FEDORA-2019-69ec14786b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6NX2XPMMV7O52F4NBNCHGILGJXM3OJZ/"
},
{
"name": "FEDORA-2019-8729e0edf5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5ZOYOZTGU4RGZW4E63OZ7LW4SMPEWGBV/"
},
{
"name": "RHSA-2019:2713",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1963-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00024.html"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9959",
"datePublished": "2019-07-22T14:18:19",
"dateReserved": "2019-03-23T00:00:00",
"dateUpdated": "2024-08-04T22:10:08.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9406 (GCVE-0-2017-9406)
Vulnerability from cvelistv5
Published
2017-06-02 19:00
Modified
2024-08-05 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "GLSA-201801-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201801-17"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=100775"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-18T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "GLSA-201801-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201801-17"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=100775"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4079",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "GLSA-201801-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201801-17"
},
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=100775",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=100775"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9406",
"datePublished": "2017-06-02T19:00:00",
"dateReserved": "2017-06-02T00:00:00",
"dateUpdated": "2024-08-05T17:02:44.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3387 (GCVE-0-2007-3387)
Vulnerability from cvelistv5
Published
2007-07-30 23:00
Modified
2024-08-07 14:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:13.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2007:0730",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0730.html"
},
{
"name": "USN-496-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-496-1"
},
{
"name": "DSA-1355",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1355"
},
{
"name": "ADV-2007-2705",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2705"
},
{
"name": "SUSE-SR:2007:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html"
},
{
"name": "MDKSA-2007:164",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1596"
},
{
"name": "MDKSA-2007:165",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:165"
},
{
"name": "26307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26307"
},
{
"name": "MDKSA-2007:158",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:158"
},
{
"name": "DSA-1350",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1350"
},
{
"name": "20070814 FLEA-2007-0045-1 poppler",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476519/30/5400/threaded"
},
{
"name": "26468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26468"
},
{
"name": "20070814 FLEA-2007-0044-1 tetex tetex-dvips tetex-fonts",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476508/100/0/threaded"
},
{
"name": "26982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26982"
},
{
"name": "26254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26254"
},
{
"name": "26370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26370"
},
{
"name": "DSA-1348",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1348"
},
{
"name": "26325",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26325"
},
{
"name": "26413",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26413"
},
{
"name": "DSA-1352",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1352"
},
{
"name": "GLSA-200710-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml"
},
{
"name": "DSA-1354",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1604"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=535497"
},
{
"name": "USN-496-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-496-2"
},
{
"name": "MDKSA-2007:163",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:163"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kde.org/info/security/advisory-20070730-1.txt"
},
{
"name": "RHSA-2007:0731",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0731.html"
},
{
"name": "40127",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/40127"
},
{
"name": "26862",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26862"
},
{
"name": "GLSA-200805-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
},
{
"name": "26281",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26281"
},
{
"name": "RHSA-2007:0720",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0720.html"
},
{
"name": "GLSA-200709-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-12.xml"
},
{
"name": "25124",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25124"
},
{
"name": "26514",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26514"
},
{
"name": "26467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26467"
},
{
"name": "SSA:2007-316-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.761882"
},
{
"name": "26432",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26432"
},
{
"name": "26410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=187139"
},
{
"name": "26607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26607"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm"
},
{
"name": "30168",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30168"
},
{
"name": "26358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26358"
},
{
"name": "26365",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26365"
},
{
"name": "26627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26627"
},
{
"name": "26293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26293"
},
{
"name": "26283",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26283"
},
{
"name": "MDKSA-2007:159",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:159"
},
{
"name": "27308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27308"
},
{
"name": "MDKSA-2007:160",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:160"
},
{
"name": "DSA-1357",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1357"
},
{
"name": "GLSA-200709-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-17.xml"
},
{
"name": "26403",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26403"
},
{
"name": "RHSA-2007:0732",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0732.html"
},
{
"name": "DSA-1349",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1349"
},
{
"name": "26251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26251"
},
{
"name": "oval:org.mitre.oval:def:11149",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149"
},
{
"name": "26292",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26292"
},
{
"name": "MDKSA-2007:161",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:161"
},
{
"name": "26342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26342"
},
{
"name": "26257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26257"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194"
},
{
"name": "26395",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26395"
},
{
"name": "SSA:2007-222-05",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.423670"
},
{
"name": "MDKSA-2007:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:162"
},
{
"name": "GLSA-200711-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
},
{
"name": "1018473",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018473"
},
{
"name": "RHSA-2007:0729",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0729.html"
},
{
"name": "26188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26188"
},
{
"name": "26278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26278"
},
{
"name": "26425",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26425"
},
{
"name": "GLSA-200710-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-20.xml"
},
{
"name": "ADV-2007-2704",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2704"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch"
},
{
"name": "DSA-1347",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1347"
},
{
"name": "RHSA-2007:0735",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0735.html"
},
{
"name": "20070816 FLEA-2007-0046-1 cups",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476765/30/5340/threaded"
},
{
"name": "27281",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27281"
},
{
"name": "20070801-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.foresightlinux.org/browse/FL-471"
},
{
"name": "26436",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26436"
},
{
"name": "26343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26343"
},
{
"name": "26407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26407"
},
{
"name": "26255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26255"
},
{
"name": "27156",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27156"
},
{
"name": "26318",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26318"
},
{
"name": "26470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26470"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name": "26297",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26297"
},
{
"name": "26405",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26405"
},
{
"name": "27637",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27637"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2007:0730",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0730.html"
},
{
"name": "USN-496-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-496-1"
},
{
"name": "DSA-1355",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1355"
},
{
"name": "ADV-2007-2705",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2705"
},
{
"name": "SUSE-SR:2007:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html"
},
{
"name": "MDKSA-2007:164",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1596"
},
{
"name": "MDKSA-2007:165",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:165"
},
{
"name": "26307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26307"
},
{
"name": "MDKSA-2007:158",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:158"
},
{
"name": "DSA-1350",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1350"
},
{
"name": "20070814 FLEA-2007-0045-1 poppler",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476519/30/5400/threaded"
},
{
"name": "26468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26468"
},
{
"name": "20070814 FLEA-2007-0044-1 tetex tetex-dvips tetex-fonts",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476508/100/0/threaded"
},
{
"name": "26982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26982"
},
{
"name": "26254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26254"
},
{
"name": "26370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26370"
},
{
"name": "DSA-1348",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1348"
},
{
"name": "26325",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26325"
},
{
"name": "26413",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26413"
},
{
"name": "DSA-1352",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1352"
},
{
"name": "GLSA-200710-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml"
},
{
"name": "DSA-1354",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1604"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=535497"
},
{
"name": "USN-496-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-496-2"
},
{
"name": "MDKSA-2007:163",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:163"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kde.org/info/security/advisory-20070730-1.txt"
},
{
"name": "RHSA-2007:0731",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0731.html"
},
{
"name": "40127",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/40127"
},
{
"name": "26862",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26862"
},
{
"name": "GLSA-200805-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
},
{
"name": "26281",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26281"
},
{
"name": "RHSA-2007:0720",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0720.html"
},
{
"name": "GLSA-200709-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-12.xml"
},
{
"name": "25124",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25124"
},
{
"name": "26514",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26514"
},
{
"name": "26467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26467"
},
{
"name": "SSA:2007-316-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.761882"
},
{
"name": "26432",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26432"
},
{
"name": "26410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=187139"
},
{
"name": "26607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26607"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm"
},
{
"name": "30168",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30168"
},
{
"name": "26358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26358"
},
{
"name": "26365",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26365"
},
{
"name": "26627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26627"
},
{
"name": "26293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26293"
},
{
"name": "26283",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26283"
},
{
"name": "MDKSA-2007:159",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:159"
},
{
"name": "27308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27308"
},
{
"name": "MDKSA-2007:160",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:160"
},
{
"name": "DSA-1357",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1357"
},
{
"name": "GLSA-200709-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-17.xml"
},
{
"name": "26403",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26403"
},
{
"name": "RHSA-2007:0732",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0732.html"
},
{
"name": "DSA-1349",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1349"
},
{
"name": "26251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26251"
},
{
"name": "oval:org.mitre.oval:def:11149",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149"
},
{
"name": "26292",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26292"
},
{
"name": "MDKSA-2007:161",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:161"
},
{
"name": "26342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26342"
},
{
"name": "26257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26257"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194"
},
{
"name": "26395",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26395"
},
{
"name": "SSA:2007-222-05",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.423670"
},
{
"name": "MDKSA-2007:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:162"
},
{
"name": "GLSA-200711-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
},
{
"name": "1018473",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018473"
},
{
"name": "RHSA-2007:0729",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0729.html"
},
{
"name": "26188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26188"
},
{
"name": "26278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26278"
},
{
"name": "26425",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26425"
},
{
"name": "GLSA-200710-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-20.xml"
},
{
"name": "ADV-2007-2704",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2704"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch"
},
{
"name": "DSA-1347",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1347"
},
{
"name": "RHSA-2007:0735",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0735.html"
},
{
"name": "20070816 FLEA-2007-0046-1 cups",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476765/30/5340/threaded"
},
{
"name": "27281",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27281"
},
{
"name": "20070801-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.foresightlinux.org/browse/FL-471"
},
{
"name": "26436",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26436"
},
{
"name": "26343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26343"
},
{
"name": "26407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26407"
},
{
"name": "26255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26255"
},
{
"name": "27156",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27156"
},
{
"name": "26318",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26318"
},
{
"name": "26470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26470"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name": "26297",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26297"
},
{
"name": "26405",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26405"
},
{
"name": "27637",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27637"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2007-3387",
"datePublished": "2007-07-30T23:00:00",
"dateReserved": "2007-06-25T00:00:00",
"dateUpdated": "2024-08-07T14:14:13.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4654 (GCVE-0-2010-4654)
Vulnerability from cvelistv5
Published
2019-11-13 19:41
Modified
2024-08-07 03:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Other
Summary
poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:18.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4654"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4654"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4654"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201310-03.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "poppler",
"vendor": "poppler",
"versions": [
{
"status": "affected",
"version": "before 0.16.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-13T19:41:43",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4654"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4654"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4654"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.gentoo.org/glsa/glsa-201310-03.xml"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4654",
"datePublished": "2019-11-13T19:41:43",
"dateReserved": "2011-01-03T00:00:00",
"dateUpdated": "2024-08-07T03:51:18.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35702 (GCVE-0-2020-35702)
Vulnerability from cvelistv5
Published
2020-12-25 01:02
Modified
2024-08-04 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:15.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-28T08:36:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35702",
"datePublished": "2020-12-25T01:02:58",
"dateReserved": "2020-12-25T00:00:00",
"dateUpdated": "2024-08-04T17:09:15.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20650 (GCVE-0-2018-20650)
Vulnerability from cvelistv5
Published
2019-01-01 16:00
Modified
2024-08-05 12:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:05:17.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/704"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7"
},
{
"name": "106459",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106459"
},
{
"name": "USN-3865-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3865-1/"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1939-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-26T01:06:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/704"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7"
},
{
"name": "106459",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106459"
},
{
"name": "USN-3865-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3865-1/"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1939-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/704",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/704"
},
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7"
},
{
"name": "106459",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106459"
},
{
"name": "USN-3865-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3865-1/"
},
{
"name": "RHSA-2019:2022",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "RHSA-2019:2713",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1939-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20650",
"datePublished": "2019-01-01T16:00:00",
"dateReserved": "2019-01-01T00:00:00",
"dateUpdated": "2024-08-05T12:05:17.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15565 (GCVE-0-2017-15565)
Vulnerability from cvelistv5
Published
2017-10-17 22:00
Modified
2024-08-05 19:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:27.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=103016"
},
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1177-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=103016"
},
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1177-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=103016",
"refsource": "MISC",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=103016"
},
{
"name": "DSA-4079",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1177-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15565",
"datePublished": "2017-10-17T22:00:00",
"dateReserved": "2017-10-17T00:00:00",
"dateUpdated": "2024-08-05T19:57:27.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20481 (GCVE-0-2018-20481)
Vulnerability from cvelistv5
Published
2018-12-26 04:00
Modified
2024-08-05 12:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:05:16.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/692"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143"
},
{
"name": "USN-3865-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3865-1/"
},
{
"name": "[debian-lts-announce] 20190308 [SECURITY] [DLA 1706-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"name": "106321",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106321"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-23T11:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/692"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143"
},
{
"name": "USN-3865-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3865-1/"
},
{
"name": "[debian-lts-announce] 20190308 [SECURITY] [DLA 1706-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"name": "106321",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106321"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/692",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/692"
},
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143"
},
{
"name": "USN-3865-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3865-1/"
},
{
"name": "[debian-lts-announce] 20190308 [SECURITY] [DLA 1706-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"name": "106321",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106321"
},
{
"name": "RHSA-2019:2022",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "RHSA-2019:2713",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20481",
"datePublished": "2018-12-26T04:00:00",
"dateReserved": "2018-12-25T00:00:00",
"dateUpdated": "2024-08-05T12:05:16.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1788 (GCVE-0-2013-1788)
Vulnerability from cvelistv5
Published
2013-04-09 20:00
Modified
2024-08-06 15:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=957aa252912cde85d76c41e9710b33425a82b696"
},
{
"name": "FEDORA-2013-3457",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html"
},
{
"name": "MDVSA-2013:143",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:143"
},
{
"name": "FEDORA-2013-3473",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html"
},
{
"name": "USN-1785-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1785-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917108"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://j00ru.vexillium.org/?p=1507"
},
{
"name": "DSA-2719",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2719"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=0388837f01bc467045164f9ddaff787000a8caaa"
},
{
"name": "52846",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52846"
},
{
"name": "[oss-security] 20130228 Re: CVE Request: poppler 0.22.1 security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/8"
},
{
"name": "[oss-security] 20130227 Re: CVE Request: poppler 0.22.1 security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=e14b6e9c13d35c9bd1e0c50906ace8e707816888"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=bbc2d8918fe234b7ef2c480eb148943922cc0959"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=8b6dc55e530b2f5ede6b9dfb64aafdd1d5836492"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an \"invalid memory access\" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-24T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=957aa252912cde85d76c41e9710b33425a82b696"
},
{
"name": "FEDORA-2013-3457",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html"
},
{
"name": "MDVSA-2013:143",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:143"
},
{
"name": "FEDORA-2013-3473",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html"
},
{
"name": "USN-1785-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1785-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917108"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://j00ru.vexillium.org/?p=1507"
},
{
"name": "DSA-2719",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2719"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=0388837f01bc467045164f9ddaff787000a8caaa"
},
{
"name": "52846",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52846"
},
{
"name": "[oss-security] 20130228 Re: CVE Request: poppler 0.22.1 security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/8"
},
{
"name": "[oss-security] 20130227 Re: CVE Request: poppler 0.22.1 security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=e14b6e9c13d35c9bd1e0c50906ace8e707816888"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=bbc2d8918fe234b7ef2c480eb148943922cc0959"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=8b6dc55e530b2f5ede6b9dfb64aafdd1d5836492"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1788",
"datePublished": "2013-04-09T20:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:33.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10872 (GCVE-0-2019-10872)
Vulnerability from cvelistv5
Published
2019-04-05 03:16
Modified
2024-08-04 22:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:02.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/750"
},
{
"name": "107862",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107862"
},
{
"name": "[debian-lts-announce] 20190606 [SECURITY] [DLA 1815-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html"
},
{
"name": "FEDORA-2019-cb2bff6d48",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/"
},
{
"name": "FEDORA-2019-0ea42f074e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-23T11:06:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/750"
},
{
"name": "107862",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107862"
},
{
"name": "[debian-lts-announce] 20190606 [SECURITY] [DLA 1815-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html"
},
{
"name": "FEDORA-2019-cb2bff6d48",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/"
},
{
"name": "FEDORA-2019-0ea42f074e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/750",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/750"
},
{
"name": "107862",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107862"
},
{
"name": "[debian-lts-announce] 20190606 [SECURITY] [DLA 1815-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html"
},
{
"name": "FEDORA-2019-cb2bff6d48",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/"
},
{
"name": "FEDORA-2019-0ea42f074e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/"
},
{
"name": "USN-4042-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10872",
"datePublished": "2019-04-05T03:16:40",
"dateReserved": "2019-04-04T00:00:00",
"dateUpdated": "2024-08-04T22:32:02.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8868 (GCVE-0-2015-8868)
Vulnerability from cvelistv5
Published
2016-05-06 17:00
Modified
2024-08-06 08:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:29:22.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=93476"
},
{
"name": "openSUSE-SU-2016:1322",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00068.html"
},
{
"name": "DSA-3563",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3563"
},
{
"name": "GLSA-201611-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-15"
},
{
"name": "RHSA-2016:2580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2580.html"
},
{
"name": "89324",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89324"
},
{
"name": "FEDORA-2016-c848d48286",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183142.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://poppler.freedesktop.org/releases.html"
},
{
"name": "[oss-security] 20160411 CVE request: Poppler \u003c 0.40.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/12/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433"
},
{
"name": "openSUSE-SU-2016:1630",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00077.html"
},
{
"name": "USN-2958-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2958-1"
},
{
"name": "FEDORA-2016-3c4e438fc8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183107.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=93476"
},
{
"name": "openSUSE-SU-2016:1322",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00068.html"
},
{
"name": "DSA-3563",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3563"
},
{
"name": "GLSA-201611-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-15"
},
{
"name": "RHSA-2016:2580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2580.html"
},
{
"name": "89324",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/89324"
},
{
"name": "FEDORA-2016-c848d48286",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183142.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://poppler.freedesktop.org/releases.html"
},
{
"name": "[oss-security] 20160411 CVE request: Poppler \u003c 0.40.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/12/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433"
},
{
"name": "openSUSE-SU-2016:1630",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00077.html"
},
{
"name": "USN-2958-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2958-1"
},
{
"name": "FEDORA-2016-3c4e438fc8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183107.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=93476",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=93476"
},
{
"name": "openSUSE-SU-2016:1322",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00068.html"
},
{
"name": "DSA-3563",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3563"
},
{
"name": "GLSA-201611-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-15"
},
{
"name": "RHSA-2016:2580",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2580.html"
},
{
"name": "89324",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89324"
},
{
"name": "FEDORA-2016-c848d48286",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183142.html"
},
{
"name": "https://poppler.freedesktop.org/releases.html",
"refsource": "CONFIRM",
"url": "https://poppler.freedesktop.org/releases.html"
},
{
"name": "[oss-security] 20160411 CVE request: Poppler \u003c 0.40.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/12/1"
},
{
"name": "https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433"
},
{
"name": "openSUSE-SU-2016:1630",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00077.html"
},
{
"name": "USN-2958-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2958-1"
},
{
"name": "FEDORA-2016-3c4e438fc8",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183107.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8868",
"datePublished": "2016-05-06T17:00:00",
"dateReserved": "2016-04-23T00:00:00",
"dateUpdated": "2024-08-06T08:29:22.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43903 (GCVE-0-2025-43903)
Vulnerability from cvelistv5
Published
2025-04-18 00:00
Modified
2025-04-21 02:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Summary
NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| freedesktop | Poppler |
Version: 0 < 25.04.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43903",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T02:50:50.020749Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T02:51:02.614Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Poppler",
"vendor": "freedesktop",
"versions": [
{
"lessThan": "25.04.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.04.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T21:08:57.632Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1b9c830f145a0042e853d6462b2f9ca4016c669"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-43903",
"datePublished": "2025-04-18T00:00:00.000Z",
"dateReserved": "2025-04-18T00:00:00.000Z",
"dateUpdated": "2025-04-21T02:51:02.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32365 (GCVE-0-2025-32365)
Vulnerability from cvelistv5
Published
2025-04-05 00:00
Modified
2025-04-07 14:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| freedesktop | Poppler |
Version: 0 < 25.04.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T14:43:55.087030Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T14:44:18.923Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Poppler",
"vendor": "freedesktop",
"versions": [
{
"lessThan": "25.04.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.04.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-05T22:10:36.429Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1577"
},
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1792"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32365",
"datePublished": "2025-04-05T00:00:00.000Z",
"dateReserved": "2025-04-05T00:00:00.000Z",
"dateUpdated": "2025-04-07T14:44:18.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14517 (GCVE-0-2017-14517)
Vulnerability from cvelistv5
Published
2017-09-17 23:00
Modified
2024-08-05 19:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:40.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102687"
},
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "105050",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105050"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-18T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102687"
},
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "105050",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105050"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=102687",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102687"
},
{
"name": "DSA-4079",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "105050",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105050"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14517",
"datePublished": "2017-09-17T23:00:00",
"dateReserved": "2017-09-17T00:00:00",
"dateUpdated": "2024-08-05T19:27:40.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19059 (GCVE-0-2018-19059)
Vulnerability from cvelistv5
Published
2018-11-07 16:00
Modified
2024-08-05 11:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:04.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/661"
},
{
"name": "USN-3837-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3837-1/"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T16:06:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/661"
},
{
"name": "USN-3837-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3837-1/"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/661",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/661"
},
{
"name": "USN-3837-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3837-1/"
},
{
"name": "RHSA-2019:2022",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19059",
"datePublished": "2018-11-07T16:00:00",
"dateReserved": "2018-11-07T00:00:00",
"dateUpdated": "2024-08-05T11:30:04.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2818 (GCVE-0-2017-2818)
Vulnerability from cvelistv5
Published
2017-07-12 17:00
Modified
2024-09-17 04:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- heap overflow
Summary
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99497",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99497"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Poppler",
"vendor": "Poppler",
"versions": [
{
"status": "affected",
"version": "0.53.0"
}
]
}
],
"datePublic": "2017-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "heap overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:22:47",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99497",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99497"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-2818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Poppler",
"version": {
"version_data": [
{
"version_value": "0.53.0"
}
]
}
}
]
},
"vendor_name": "Poppler"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "heap overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99497"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2818",
"datePublished": "2017-07-12T17:00:00Z",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-09-17T04:29:31.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14929 (GCVE-0-2017-14929)
Vulnerability from cvelistv5
Published
2017-09-29 07:00
Modified
2024-08-05 19:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102969"
},
{
"name": "DSA-4097",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-26T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102969"
},
{
"name": "DSA-4097",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=102969",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102969"
},
{
"name": "DSA-4097",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14929",
"datePublished": "2017-09-29T07:00:00",
"dateReserved": "2017-09-29T00:00:00",
"dateUpdated": "2024-08-05T19:42:22.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37051 (GCVE-0-2022-37051)
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-08-03 10:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1276"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/4631115647c1e4f0482ffe0491c2f38d2231337b"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3620-1] poppler security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T13:06:12.920159",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1276"
},
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/4631115647c1e4f0482ffe0491c2f38d2231337b"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3620-1] poppler security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37051",
"datePublished": "2023-08-22T00:00:00",
"dateReserved": "2022-08-01T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7296 (GCVE-0-2013-7296)
Vulnerability from cvelistv5
Published
2014-01-26 01:00
Modified
2024-08-06 18:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:20.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2014-0156",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125710.html"
},
{
"name": "56567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56567"
},
{
"name": "[oss-security] 20140117 Re: CVE Request - Poppler library: DoS fixed in 0.24.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q1/105"
},
{
"name": "GLSA-201401-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201401-21.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee39370283c494ee2e4e392fd3b684"
},
{
"name": "poppler-jbig2stream-readsegments-dos(90552)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90552"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048199"
},
{
"name": "[oss-security] 20140116 CVE Request - Poppler library: DoS fixed in 0.24.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q1/97"
},
{
"name": "56776",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56776"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2014-0156",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125710.html"
},
{
"name": "56567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56567"
},
{
"name": "[oss-security] 20140117 Re: CVE Request - Poppler library: DoS fixed in 0.24.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q1/105"
},
{
"name": "GLSA-201401-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201401-21.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee39370283c494ee2e4e392fd3b684"
},
{
"name": "poppler-jbig2stream-readsegments-dos(90552)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90552"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048199"
},
{
"name": "[oss-security] 20140116 CVE Request - Poppler library: DoS fixed in 0.24.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q1/97"
},
{
"name": "56776",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56776"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2014-0156",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125710.html"
},
{
"name": "56567",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56567"
},
{
"name": "[oss-security] 20140117 Re: CVE Request - Poppler library: DoS fixed in 0.24.5",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/105"
},
{
"name": "GLSA-201401-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201401-21.xml"
},
{
"name": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee39370283c494ee2e4e392fd3b684",
"refsource": "MISC",
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee39370283c494ee2e4e392fd3b684"
},
{
"name": "poppler-jbig2stream-readsegments-dos(90552)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90552"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1048199",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048199"
},
{
"name": "[oss-security] 20140116 CVE Request - Poppler library: DoS fixed in 0.24.5",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/97"
},
{
"name": "56776",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56776"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7296",
"datePublished": "2014-01-26T01:00:00",
"dateReserved": "2014-01-17T00:00:00",
"dateUpdated": "2024-08-06T18:01:20.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9408 (GCVE-0-2017-9408)
Vulnerability from cvelistv5
Published
2017-06-02 19:00
Modified
2024-08-05 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=100776"
},
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "GLSA-201801-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201801-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-18T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=100776"
},
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "GLSA-201801-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201801-17"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=100776",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=100776"
},
{
"name": "DSA-4079",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "GLSA-201801-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201801-17"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9408",
"datePublished": "2017-06-02T19:00:00",
"dateReserved": "2017-06-02T00:00:00",
"dateUpdated": "2024-08-05T17:02:44.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2820 (GCVE-0-2017-2820)
Vulnerability from cvelistv5
Published
2017-07-12 17:00
Modified
2024-09-16 17:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- heap overflow
Summary
An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99497",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99497"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0321"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Poppler",
"vendor": "Poppler",
"versions": [
{
"status": "affected",
"version": "0.53"
}
]
}
],
"datePublic": "2017-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "heap overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:22:50",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99497",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99497"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0321"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-2820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Poppler",
"version": {
"version_data": [
{
"version_value": "0.53"
}
]
}
}
]
},
"vendor_name": "Poppler"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "heap overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99497"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0321",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0321"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2820",
"datePublished": "2017-07-12T17:00:00Z",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-09-16T17:57:59.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-23804 (GCVE-0-2020-23804)
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-08-04 15:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:05:11.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/936"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3620-1] poppler security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T13:06:11.444816",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/936"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3620-1] poppler security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-23804",
"datePublished": "2023-08-22T00:00:00",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T15:05:11.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10873 (GCVE-0-2019-10873)
Vulnerability from cvelistv5
Published
2019-04-05 03:17
Modified
2024-08-04 22:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:02.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/748"
},
{
"name": "107862",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107862"
},
{
"name": "FEDORA-2019-cb2bff6d48",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4042-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T15:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/748"
},
{
"name": "107862",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107862"
},
{
"name": "FEDORA-2019-cb2bff6d48",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4042-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/748",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/748"
},
{
"name": "107862",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107862"
},
{
"name": "FEDORA-2019-cb2bff6d48",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/"
},
{
"name": "USN-4042-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4042-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10873",
"datePublished": "2019-04-05T03:17:06",
"dateReserved": "2019-04-04T00:00:00",
"dateUpdated": "2024-08-04T22:32:02.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14518 (GCVE-0-2017-14518)
Vulnerability from cvelistv5
Published
2017-09-17 23:00
Modified
2024-08-05 19:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:40.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102688"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-08T10:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102688"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4079",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=102688",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102688"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14518",
"datePublished": "2017-09-17T23:00:00",
"dateReserved": "2017-09-17T00:00:00",
"dateUpdated": "2024-08-05T19:27:40.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9903 (GCVE-0-2019-9903)
Vulnerability from cvelistv5
Published
2019-03-21 17:42
Modified
2024-08-04 22:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:01:54.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/741"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.loginsoft.com/bugs/stack-based-buffer-overflows-in-dictfind-poppler-0-74-0/"
},
{
"name": "107560",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107560"
},
{
"name": "FEDORA-2019-14040bfa27",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/"
},
{
"name": "FEDORA-2019-95eb49ef49",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/"
},
{
"name": "FEDORA-2019-3193a75b06",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-26T01:06:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/741"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.loginsoft.com/bugs/stack-based-buffer-overflows-in-dictfind-poppler-0-74-0/"
},
{
"name": "107560",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107560"
},
{
"name": "FEDORA-2019-14040bfa27",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/"
},
{
"name": "FEDORA-2019-95eb49ef49",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/"
},
{
"name": "FEDORA-2019-3193a75b06",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/741",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/741"
},
{
"name": "https://research.loginsoft.com/bugs/stack-based-buffer-overflows-in-dictfind-poppler-0-74-0/",
"refsource": "MISC",
"url": "https://research.loginsoft.com/bugs/stack-based-buffer-overflows-in-dictfind-poppler-0-74-0/"
},
{
"name": "107560",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107560"
},
{
"name": "FEDORA-2019-14040bfa27",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/"
},
{
"name": "FEDORA-2019-95eb49ef49",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/"
},
{
"name": "FEDORA-2019-3193a75b06",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/"
},
{
"name": "USN-4042-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "RHSA-2019:2713",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9903",
"datePublished": "2019-03-21T17:42:50",
"dateReserved": "2019-03-21T00:00:00",
"dateUpdated": "2024-08-04T22:01:54.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37050 (GCVE-0-2022-37050)
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2025-07-02 14:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3620-1] poppler security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-37050",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-02T14:19:32.342313Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T14:20:40.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T13:06:14.465Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274"
},
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3620-1] poppler security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37050",
"datePublished": "2023-08-22T00:00:00.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2025-07-02T14:20:40.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37052 (GCVE-0-2022-37052)
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-03 19:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1278"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/8677500399fc2548fa816b619580c2c07915a98c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-37052",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T19:06:03.761814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T19:06:14.342Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-22T15:44:41.782848",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1278"
},
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/8677500399fc2548fa816b619580c2c07915a98c"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37052",
"datePublished": "2023-08-22T00:00:00",
"dateReserved": "2022-08-01T00:00:00",
"dateUpdated": "2024-10-03T19:06:14.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34872 (GCVE-0-2023-34872)
Vulnerability from cvelistv5
Published
2023-07-31 00:00
Modified
2025-07-09 13:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:17:04.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399"
},
{
"name": "FEDORA-2023-4285cca9bf",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFBT75QHBWNMSDAHSXZQ2I3PBJWID36K/"
},
{
"name": "FEDORA-2023-4eff9e2cd6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3H3GOWFE3C7543GMEN7LY4GWMWJ7D2G/"
},
{
"name": "FEDORA-2023-f0be0daaa5",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XXL3L6RJOTLGCN7GLH2OLLNF4FJ4T7I/"
},
{
"name": "FEDORA-2023-6b20b7807a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ3NYJ43U2MA7COKGMJDARZUAAOP45D4/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-34872",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T13:46:31.503626Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T13:47:14.111Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-06T03:06:22.697Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe"
},
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399"
},
{
"name": "FEDORA-2023-4285cca9bf",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFBT75QHBWNMSDAHSXZQ2I3PBJWID36K/"
},
{
"name": "FEDORA-2023-4eff9e2cd6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3H3GOWFE3C7543GMEN7LY4GWMWJ7D2G/"
},
{
"name": "FEDORA-2023-f0be0daaa5",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XXL3L6RJOTLGCN7GLH2OLLNF4FJ4T7I/"
},
{
"name": "FEDORA-2023-6b20b7807a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ3NYJ43U2MA7COKGMJDARZUAAOP45D4/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-34872",
"datePublished": "2023-07-31T00:00:00.000Z",
"dateReserved": "2023-06-07T00:00:00.000Z",
"dateUpdated": "2025-07-09T13:47:14.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18897 (GCVE-0-2018-18897)
Vulnerability from cvelistv5
Published
2018-11-02 06:00
Modified
2024-08-05 11:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/654"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-26T01:06:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/654"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/654",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/654"
},
{
"name": "USN-4042-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "RHSA-2019:2022",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "RHSA-2019:2713",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18897",
"datePublished": "2018-11-02T06:00:00",
"dateReserved": "2018-11-02T00:00:00",
"dateUpdated": "2024-08-05T11:23:08.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19060 (GCVE-0-2018-19060)
Vulnerability from cvelistv5
Published
2018-11-07 16:00
Modified
2024-08-05 11:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:03.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3837-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3837-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/660"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T16:06:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3837-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3837-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/660"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3837-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3837-1/"
},
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/660",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/660"
},
{
"name": "RHSA-2019:2022",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19060",
"datePublished": "2018-11-07T16:00:00",
"dateReserved": "2018-11-07T00:00:00",
"dateUpdated": "2024-08-05T11:30:03.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7511 (GCVE-0-2017-7511)
Vulnerability from cvelistv5
Published
2017-05-30 18:00
Modified
2024-08-05 16:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201801-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201801-17"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cgit.freedesktop.org/poppler/poppler/commit/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "poppler",
"vendor": "Poppler",
"versions": [
{
"status": "affected",
"version": "since 0.17.3"
}
]
}
],
"datePublic": "2017-05-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-18T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201801-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201801-17"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cgit.freedesktop.org/poppler/poppler/commit/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7511",
"datePublished": "2017-05-30T18:00:00",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:11.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4472 (GCVE-0-2013-4472)
Vulnerability from cvelistv5
Published
2014-04-22 14:00
Modified
2024-08-06 16:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131028 Re: CVE request: 3 vulnerabilities in poppler and 1 in Xpdf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/183"
},
{
"name": "99064",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/99064"
},
{
"name": "[oss-security] 20131026 CVE request: 3 vulnerabilities in poppler and 1 in Xpdf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/181"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://poppler.freedesktop.org/releases.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-22T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20131028 Re: CVE request: 3 vulnerabilities in poppler and 1 in Xpdf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/183"
},
{
"name": "99064",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/99064"
},
{
"name": "[oss-security] 20131026 CVE request: 3 vulnerabilities in poppler and 1 in Xpdf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/181"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://poppler.freedesktop.org/releases.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4472",
"datePublished": "2014-04-22T14:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3702 (GCVE-0-2010-3702)
Vulnerability from cvelistv5
Published
2010-11-05 17:00
Modified
2024-08-07 03:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2010-16662",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html"
},
{
"name": "[oss-security] 20101004 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/04/6"
},
{
"name": "FEDORA-2010-15857",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf"
},
{
"name": "RHSA-2010:0859",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0859.html"
},
{
"name": "42357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42357"
},
{
"name": "MDVSA-2010:228",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:228"
},
{
"name": "ADV-2011-0230",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0230"
},
{
"name": "RHSA-2010:0752",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0752.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html"
},
{
"name": "SUSE-SR:2010:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"name": "MDVSA-2010:230",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:230"
},
{
"name": "SUSE-SR:2010:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch"
},
{
"name": "RHSA-2012:1201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"name": "43845",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43845"
},
{
"name": "MDVSA-2010:231",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231"
},
{
"name": "FEDORA-2010-16705",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html"
},
{
"name": "SSA:2010-324-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.571720"
},
{
"name": "RHSA-2010:0751",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0751.html"
},
{
"name": "42397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42397"
},
{
"name": "42141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42141"
},
{
"name": "FEDORA-2010-15911",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html"
},
{
"name": "MDVSA-2012:144",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name": "ADV-2010-3097",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3097"
},
{
"name": "USN-1005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1005-1"
},
{
"name": "RHSA-2010:0749",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0749.html"
},
{
"name": "RHSA-2010:0754",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0754.html"
},
{
"name": "FEDORA-2010-15981",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html"
},
{
"name": "FEDORA-2010-16744",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=595245"
},
{
"name": "ADV-2010-2897",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2897"
},
{
"name": "42691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42691"
},
{
"name": "DSA-2119",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2119"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "MDVSA-2010:229",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:229"
},
{
"name": "DSA-2135",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2135"
},
{
"name": "RHSA-2010:0750",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0750.html"
},
{
"name": "RHSA-2010:0755",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0755.html"
},
{
"name": "RHSA-2010:0753",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0753.html"
},
{
"name": "43079",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43079"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-11-11T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2010-16662",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html"
},
{
"name": "[oss-security] 20101004 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/04/6"
},
{
"name": "FEDORA-2010-15857",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf"
},
{
"name": "RHSA-2010:0859",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0859.html"
},
{
"name": "42357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42357"
},
{
"name": "MDVSA-2010:228",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:228"
},
{
"name": "ADV-2011-0230",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0230"
},
{
"name": "RHSA-2010:0752",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0752.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html"
},
{
"name": "SUSE-SR:2010:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"name": "MDVSA-2010:230",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:230"
},
{
"name": "SUSE-SR:2010:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch"
},
{
"name": "RHSA-2012:1201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"name": "43845",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43845"
},
{
"name": "MDVSA-2010:231",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231"
},
{
"name": "FEDORA-2010-16705",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html"
},
{
"name": "SSA:2010-324-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.571720"
},
{
"name": "RHSA-2010:0751",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0751.html"
},
{
"name": "42397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42397"
},
{
"name": "42141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42141"
},
{
"name": "FEDORA-2010-15911",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html"
},
{
"name": "MDVSA-2012:144",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name": "ADV-2010-3097",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3097"
},
{
"name": "USN-1005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1005-1"
},
{
"name": "RHSA-2010:0749",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0749.html"
},
{
"name": "RHSA-2010:0754",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0754.html"
},
{
"name": "FEDORA-2010-15981",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html"
},
{
"name": "FEDORA-2010-16744",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=595245"
},
{
"name": "ADV-2010-2897",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2897"
},
{
"name": "42691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42691"
},
{
"name": "DSA-2119",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2119"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "MDVSA-2010:229",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:229"
},
{
"name": "DSA-2135",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2135"
},
{
"name": "RHSA-2010:0750",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0750.html"
},
{
"name": "RHSA-2010:0755",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0755.html"
},
{
"name": "RHSA-2010:0753",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0753.html"
},
{
"name": "43079",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43079"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3702",
"datePublished": "2010-11-05T17:00:00",
"dateReserved": "2010-10-01T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-18267 (GCVE-0-2017-18267)
Vulnerability from cvelistv5
Published
2018-05-10 15:00
Modified
2024-08-05 21:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:13:49.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.freedesktop.org/show_bug.cgi?id=103238"
},
{
"name": "[debian-lts-announce] 20181031 [SECURITY] [DLA 1562-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html"
},
{
"name": "RHSA-2018:3505",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name": "USN-3647-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3647-1/"
},
{
"name": "RHSA-2018:3140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3140"
},
{
"name": "RHBA-2019:0327",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-23T11:06:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.freedesktop.org/show_bug.cgi?id=103238"
},
{
"name": "[debian-lts-announce] 20181031 [SECURITY] [DLA 1562-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html"
},
{
"name": "RHSA-2018:3505",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name": "USN-3647-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3647-1/"
},
{
"name": "RHSA-2018:3140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3140"
},
{
"name": "RHBA-2019:0327",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.freedesktop.org/show_bug.cgi?id=103238",
"refsource": "CONFIRM",
"url": "https://bugzilla.freedesktop.org/show_bug.cgi?id=103238"
},
{
"name": "[debian-lts-announce] 20181031 [SECURITY] [DLA 1562-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html"
},
{
"name": "RHSA-2018:3505",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name": "USN-3647-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3647-1/"
},
{
"name": "RHSA-2018:3140",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3140"
},
{
"name": "RHBA-2019:0327",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18267",
"datePublished": "2018-05-10T15:00:00",
"dateReserved": "2018-05-10T00:00:00",
"dateUpdated": "2024-08-05T21:13:49.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9776 (GCVE-0-2017-9776)
Vulnerability from cvelistv5
Published
2017-06-22 21:00
Modified
2024-08-05 17:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=101541"
},
{
"name": "RHSA-2017:2551",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2551"
},
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "99240",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99240"
},
{
"name": "RHSA-2017:2550",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2550"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-08T10:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=101541"
},
{
"name": "RHSA-2017:2551",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2551"
},
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "99240",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99240"
},
{
"name": "RHSA-2017:2550",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2550"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=101541",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=101541"
},
{
"name": "RHSA-2017:2551",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2551"
},
{
"name": "DSA-4079",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "99240",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99240"
},
{
"name": "RHSA-2017:2550",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2550"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9776",
"datePublished": "2017-06-22T21:00:00",
"dateReserved": "2017-06-21T00:00:00",
"dateUpdated": "2024-08-05T17:18:01.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19149 (GCVE-0-2018-19149)
Vulnerability from cvelistv5
Published
2018-11-10 19:00
Modified
2024-08-05 11:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:04.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/664"
},
{
"name": "106031",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106031"
},
{
"name": "USN-3837-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3837-2/"
},
{
"name": "USN-3837-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3837-1/"
},
{
"name": "GLSA-201904-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201904-04"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T16:06:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/664"
},
{
"name": "106031",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106031"
},
{
"name": "USN-3837-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3837-2/"
},
{
"name": "USN-3837-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3837-1/"
},
{
"name": "GLSA-201904-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201904-04"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/664",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/664"
},
{
"name": "106031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106031"
},
{
"name": "USN-3837-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3837-2/"
},
{
"name": "USN-3837-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3837-1/"
},
{
"name": "GLSA-201904-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201904-04"
},
{
"name": "RHSA-2019:2022",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19149",
"datePublished": "2018-11-10T19:00:00",
"dateReserved": "2018-11-10T00:00:00",
"dateUpdated": "2024-08-05T11:30:04.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14977 (GCVE-0-2017-14977)
Vulnerability from cvelistv5
Published
2017-10-01 23:00
Modified
2024-08-05 19:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=103045"
},
{
"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1177-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=103045"
},
{
"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1177-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4079",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=103045",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=103045"
},
{
"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1177-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14977",
"datePublished": "2017-10-01T23:00:00",
"dateReserved": "2017-10-01T00:00:00",
"dateUpdated": "2024-08-05T19:42:22.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20551 (GCVE-0-2018-20551)
Vulnerability from cvelistv5
Published
2018-12-28 04:00
Modified
2024-08-05 12:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:05:17.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/146"
},
{
"name": "USN-3886-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3886-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/703"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-11T11:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/146"
},
{
"name": "USN-3886-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3886-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/703"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/146",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/146"
},
{
"name": "USN-3886-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3886-1/"
},
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/703",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/703"
},
{
"name": "RHSA-2019:2713",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20551",
"datePublished": "2018-12-28T04:00:00",
"dateReserved": "2018-12-27T00:00:00",
"dateUpdated": "2024-08-05T12:05:17.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36023 (GCVE-0-2020-36023)
Vulnerability from cvelistv5
Published
2023-08-11 00:00
Modified
2024-10-09 17:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:16:14.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1013"
},
{
"name": "[debian-lts-announce] 20230814 [SECURITY] [DLA 3528-1] poppler security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36023",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T17:59:31.401936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T17:59:39.035Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1013"
},
{
"name": "[debian-lts-announce] 20230814 [SECURITY] [DLA 3528-1] poppler security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-36023",
"datePublished": "2023-08-11T00:00:00",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-10-09T17:59:39.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7310 (GCVE-0-2019-7310)
Vulnerability from cvelistv5
Published
2019-02-03 03:00
Modified
2024-08-04 20:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/717"
},
{
"name": "106829",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106829"
},
{
"name": "[debian-lts-announce] 20190308 [SECURITY] [DLA 1706-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797"
},
{
"name": "USN-3886-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3886-1/"
},
{
"name": "FEDORA-2019-8b5e704a73",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-09T01:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/717"
},
{
"name": "106829",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106829"
},
{
"name": "[debian-lts-announce] 20190308 [SECURITY] [DLA 1706-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797"
},
{
"name": "USN-3886-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3886-1/"
},
{
"name": "FEDORA-2019-8b5e704a73",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/717",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/717"
},
{
"name": "106829",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106829"
},
{
"name": "[debian-lts-announce] 20190308 [SECURITY] [DLA 1706-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797"
},
{
"name": "USN-3886-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3886-1/"
},
{
"name": "FEDORA-2019-8b5e704a73",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/"
},
{
"name": "RHSA-2019:2022",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "RHSA-2019:2713",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7310",
"datePublished": "2019-02-03T03:00:00",
"dateReserved": "2019-02-02T00:00:00",
"dateUpdated": "2024-08-04T20:46:46.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27778 (GCVE-0-2020-27778)
Vulnerability from cvelistv5
Published
2020-12-03 16:46
Modified
2024-08-04 16:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:42.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900712"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "poppler",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "poppler 0.76.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the \u0027pdftohtml\u0027 program, would crash the application causing a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-26T01:06:19",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900712"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-27778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "poppler",
"version": {
"version_data": [
{
"version_value": "poppler 0.76.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the \u0027pdftohtml\u0027 program, would crash the application causing a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-824"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1900712",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900712"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-27778",
"datePublished": "2020-12-03T16:46:47",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-08-04T16:25:42.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2814 (GCVE-0-2017-2814)
Vulnerability from cvelistv5
Published
2017-07-12 17:00
Modified
2024-09-16 19:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- heap overflow
Summary
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99497",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99497"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0311"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Poppler",
"vendor": "Poppler",
"versions": [
{
"status": "affected",
"version": "0.53.0"
}
]
}
],
"datePublic": "2017-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "heap overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:22:42",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99497",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99497"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0311"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-2814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Poppler",
"version": {
"version_data": [
{
"version_value": "0.53.0"
}
]
}
}
]
},
"vendor_name": "Poppler"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "heap overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99497"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0311",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0311"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2814",
"datePublished": "2017-07-12T17:00:00Z",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-09-16T19:15:46.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-18839 (GCVE-0-2020-18839)
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-04 16:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/742"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-18839",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T16:29:54.894516Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T16:30:40.377Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-22T15:44:13.074815",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/742"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-18839",
"datePublished": "2023-08-22T00:00:00",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-10-04T16:30:40.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14976 (GCVE-0-2017-14976)
Vulnerability from cvelistv5
Published
2017-10-01 23:00
Modified
2024-08-05 19:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf"
},
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.freedesktop.org/show_bug.cgi?id=102724"
},
{
"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1177-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf"
},
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.freedesktop.org/show_bug.cgi?id=102724"
},
{
"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1177-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf"
},
{
"name": "DSA-4079",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "https://bugzilla.freedesktop.org/show_bug.cgi?id=102724",
"refsource": "CONFIRM",
"url": "https://bugzilla.freedesktop.org/show_bug.cgi?id=102724"
},
{
"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1177-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14976",
"datePublished": "2017-10-01T23:00:00",
"dateReserved": "2017-10-01T00:00:00",
"dateUpdated": "2024-08-05T19:42:22.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14927 (GCVE-0-2017-14927)
Vulnerability from cvelistv5
Published
2017-09-29 07:00
Modified
2024-08-05 19:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102604"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-29T06:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102604"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=102604",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102604"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14927",
"datePublished": "2017-09-29T07:00:00",
"dateReserved": "2017-09-29T00:00:00",
"dateUpdated": "2024-08-05T19:42:22.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6239 (GCVE-0-2024-6239)
Vulnerability from cvelistv5
Published
2024-06-21 13:28
Modified
2025-08-03 08:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► |
Version: 24.06.0 ≤ 24.06.1 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T15:14:35.733533Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T15:14:46.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-6239"
},
{
"name": "RHBZ#2293594",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293594"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.freedesktop.org/poppler/poppler",
"defaultStatus": "unaffected",
"packageName": "poppler",
"versions": [
{
"lessThanOrEqual": "24.06.1",
"status": "affected",
"version": "24.06.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "poppler",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:20.11.0-12.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "poppler",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.01.0-21.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"packageName": "poppler",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "poppler",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "compat-poppler022",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "poppler",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "gimp:flatpak/poppler",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "inkscape:flatpak/poppler",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "libreoffice:flatpak/poppler",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "inkscape:flatpak/poppler",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "libreoffice:flatpak/poppler",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2024-06-06T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Poppler\u0027s Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-03T08:43:20.457Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:5305",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:5305"
},
{
"name": "RHSA-2024:9167",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:9167"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-6239"
},
{
"name": "RHBZ#2293594",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293594"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-20T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-06-06T09:00:00+00:00",
"value": "Made public."
}
],
"title": "Poppler: pdfinfo: crash in broken documents when using -dests parameter",
"x_redhatCweChain": "CWE-20: Improper Input Validation"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-6239",
"datePublished": "2024-06-21T13:28:23.857Z",
"dateReserved": "2024-06-21T04:27:59.923Z",
"dateUpdated": "2025-08-03T08:43:20.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9083 (GCVE-0-2017-9083)
Vulnerability from cvelistv5
Published
2017-05-19 16:00
Modified
2024-08-05 16:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:55:22.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=101084"
},
{
"name": "GLSA-201801-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201801-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-18T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=101084"
},
{
"name": "GLSA-201801-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201801-17"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=101084",
"refsource": "MISC",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=101084"
},
{
"name": "GLSA-201801-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201801-17"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9083",
"datePublished": "2017-05-19T16:00:00",
"dateReserved": "2017-05-19T00:00:00",
"dateUpdated": "2024-08-05T16:55:22.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9631 (GCVE-0-2019-9631)
Vulnerability from cvelistv5
Published
2019-03-08 05:00
Modified
2024-08-04 21:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:45.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/736"
},
{
"name": "FEDORA-2019-14040bfa27",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/"
},
{
"name": "FEDORA-2019-13ba3be562",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/"
},
{
"name": "FEDORA-2019-d04944813d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/"
},
{
"name": "[debian-lts-announce] 20190408 [SECURITY] [DLA 1752-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00011.html"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-23T11:06:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/736"
},
{
"name": "FEDORA-2019-14040bfa27",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/"
},
{
"name": "FEDORA-2019-13ba3be562",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/"
},
{
"name": "FEDORA-2019-d04944813d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/"
},
{
"name": "[debian-lts-announce] 20190408 [SECURITY] [DLA 1752-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00011.html"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/736",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/736"
},
{
"name": "FEDORA-2019-14040bfa27",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/"
},
{
"name": "FEDORA-2019-13ba3be562",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/"
},
{
"name": "FEDORA-2019-d04944813d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/"
},
{
"name": "[debian-lts-announce] 20190408 [SECURITY] [DLA 1752-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00011.html"
},
{
"name": "USN-4042-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "RHSA-2019:2022",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "RHSA-2019:2713",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9631",
"datePublished": "2019-03-08T05:00:00",
"dateReserved": "2019-03-07T00:00:00",
"dateUpdated": "2024-08-04T21:54:45.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14494 (GCVE-0-2019-14494)
Vulnerability from cvelistv5
Published
2019-08-01 16:05
Modified
2024-08-05 00:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:19:41.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/802"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/317"
},
{
"name": "USN-4091-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4091-1/"
},
{
"name": "FEDORA-2020-24ded2cd52",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AHYAM32PALHQXL3O4DKIJ3EJB6AKBOVC/"
},
{
"name": "FEDORA-2020-b8b7a4a0e5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLAQBLBIIL3A5XZQYR4MG3Z4LIPIC42P/"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-26T01:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/802"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/317"
},
{
"name": "USN-4091-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4091-1/"
},
{
"name": "FEDORA-2020-24ded2cd52",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AHYAM32PALHQXL3O4DKIJ3EJB6AKBOVC/"
},
{
"name": "FEDORA-2020-b8b7a4a0e5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLAQBLBIIL3A5XZQYR4MG3Z4LIPIC42P/"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/802",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/802"
},
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/317",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/317"
},
{
"name": "USN-4091-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4091-1/"
},
{
"name": "FEDORA-2020-24ded2cd52",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AHYAM32PALHQXL3O4DKIJ3EJB6AKBOVC/"
},
{
"name": "FEDORA-2020-b8b7a4a0e5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLAQBLBIIL3A5XZQYR4MG3Z4LIPIC42P/"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14494",
"datePublished": "2019-08-01T16:05:09",
"dateReserved": "2019-08-01T00:00:00",
"dateUpdated": "2024-08-05T00:19:41.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9545 (GCVE-0-2019-9545)
Vulnerability from cvelistv5
Published
2019-03-01 19:00
Modified
2024-08-04 21:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/731"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadtextregion-poppler-0-74-0/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-01T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/731"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadtextregion-poppler-0-74-0/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/731",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/731"
},
{
"name": "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadtextregion-poppler-0-74-0/",
"refsource": "MISC",
"url": "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadtextregion-poppler-0-74-0/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9545",
"datePublished": "2019-03-01T19:00:00",
"dateReserved": "2019-03-01T00:00:00",
"dateUpdated": "2024-08-04T21:54:44.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9543 (GCVE-0-2019-9543)
Vulnerability from cvelistv5
Published
2019-03-01 19:00
Modified
2024-08-04 21:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/"
},
{
"name": "107238",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107238"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/730"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/"
},
{
"name": "107238",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107238"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/730"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/",
"refsource": "MISC",
"url": "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/"
},
{
"name": "107238",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107238"
},
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/730",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/730"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9543",
"datePublished": "2019-03-01T19:00:00",
"dateReserved": "2019-03-01T00:00:00",
"dateUpdated": "2024-08-04T21:54:44.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7515 (GCVE-0-2017-7515)
Vulnerability from cvelistv5
Published
2017-06-06 14:00
Modified
2024-08-05 16:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Red Hat, Inc. | poppler |
Version: through 0.55.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=101208"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "poppler",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "through 0.55.0"
}
]
}
],
"datePublic": "2017-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-06T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=101208"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7515",
"datePublished": "2017-06-06T14:00:00",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:11.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10871 (GCVE-0-2019-10871)
Vulnerability from cvelistv5
Published
2019-04-05 03:16
Modified
2024-08-04 22:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:02.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/751"
},
{
"name": "107862",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107862"
},
{
"name": "FEDORA-2019-cb2bff6d48",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/"
},
{
"name": "FEDORA-2019-0ea42f074e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1963-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00024.html"
},
{
"name": "[debian-lts-announce] 20191018 [SECURITY] [DLA 1963-2] poppler regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00025.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-18T08:06:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/751"
},
{
"name": "107862",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107862"
},
{
"name": "FEDORA-2019-cb2bff6d48",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/"
},
{
"name": "FEDORA-2019-0ea42f074e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1963-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00024.html"
},
{
"name": "[debian-lts-announce] 20191018 [SECURITY] [DLA 1963-2] poppler regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00025.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/751",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/751"
},
{
"name": "107862",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107862"
},
{
"name": "FEDORA-2019-cb2bff6d48",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/"
},
{
"name": "FEDORA-2019-0ea42f074e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/"
},
{
"name": "RHSA-2019:2713",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1963-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00024.html"
},
{
"name": "[debian-lts-announce] 20191018 [SECURITY] [DLA 1963-2] poppler regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00025.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10871",
"datePublished": "2019-04-05T03:16:23",
"dateReserved": "2019-04-04T00:00:00",
"dateUpdated": "2024-08-04T22:32:02.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2142 (GCVE-0-2012-2142)
Vulnerability from cvelistv5
Published
2020-01-09 20:42
Modified
2024-08-06 19:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Other
Summary
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/09/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/09/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/NEWS?id=2bc48d5369f1dbecfc4db2878f33bdeb80d8d90f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=789936"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00049.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "poppler",
"vendor": "poppler",
"versions": [
{
"status": "affected",
"version": "before 0.21.4"
}
]
}
],
"datePublic": "2012-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-09T20:42:47",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/09/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/09/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/NEWS?id=2bc48d5369f1dbecfc4db2878f33bdeb80d8d90f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=789936"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00049.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2142",
"datePublished": "2020-01-09T20:42:47",
"dateReserved": "2012-04-04T00:00:00",
"dateUpdated": "2024-08-06T19:26:08.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14520 (GCVE-0-2017-14520)
Vulnerability from cvelistv5
Published
2017-09-17 23:00
Modified
2024-08-05 19:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:40.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102719"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-08T10:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102719"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4079",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=102719",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102719"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14520",
"datePublished": "2017-09-17T23:00:00",
"dateReserved": "2017-09-17T00:00:00",
"dateUpdated": "2024-08-05T19:27:40.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36024 (GCVE-0-2020-36024)
Vulnerability from cvelistv5
Published
2023-08-11 00:00
Modified
2024-10-09 17:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:16:13.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1016"
},
{
"name": "[debian-lts-announce] 20230814 [SECURITY] [DLA 3528-1] poppler security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36024",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T17:56:32.606116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T17:56:39.495Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1016"
},
{
"name": "[debian-lts-announce] 20230814 [SECURITY] [DLA 3528-1] poppler security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-36024",
"datePublished": "2023-08-11T00:00:00",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-10-09T17:56:39.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14617 (GCVE-0-2017-14617)
Vulnerability from cvelistv5
Published
2017-09-20 21:00
Modified
2024-09-16 18:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:39.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102854"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102854"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=102854",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102854"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14617",
"datePublished": "2017-09-20T21:00:00Z",
"dateReserved": "2017-09-20T00:00:00Z",
"dateUpdated": "2024-09-16T18:19:50.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32364 (GCVE-0-2025-32364)
Vulnerability from cvelistv5
Published
2025-04-05 00:00
Modified
2025-04-07 16:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| freedesktop | Poppler |
Version: 0 < 25.04.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32364",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T16:06:56.044119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T16:07:04.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Poppler",
"vendor": "freedesktop",
"versions": [
{
"lessThan": "25.04.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.04.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-05T22:08:50.936Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1574"
},
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32364",
"datePublished": "2025-04-05T00:00:00.000Z",
"dateReserved": "2025-04-05T00:00:00.000Z",
"dateUpdated": "2025-04-07T16:07:04.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10768 (GCVE-0-2018-10768)
Vulnerability from cvelistv5
Published
2018-05-06 23:00
Modified
2024-08-05 07:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:47.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=106408"
},
{
"name": "[debian-lts-announce] 20181031 [SECURITY] [DLA 1562-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html"
},
{
"name": "RHSA-2018:3505",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name": "USN-3647-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3647-1/"
},
{
"name": "RHSA-2018:3140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3140"
},
{
"name": "RHBA-2019:0327",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-24T05:06:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=106408"
},
{
"name": "[debian-lts-announce] 20181031 [SECURITY] [DLA 1562-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html"
},
{
"name": "RHSA-2018:3505",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name": "USN-3647-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3647-1/"
},
{
"name": "RHSA-2018:3140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3140"
},
{
"name": "RHBA-2019:0327",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=106408",
"refsource": "MISC",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=106408"
},
{
"name": "[debian-lts-announce] 20181031 [SECURITY] [DLA 1562-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html"
},
{
"name": "RHSA-2018:3505",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name": "USN-3647-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3647-1/"
},
{
"name": "RHSA-2018:3140",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3140"
},
{
"name": "RHBA-2019:0327",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10768",
"datePublished": "2018-05-06T23:00:00",
"dateReserved": "2018-05-06T00:00:00",
"dateUpdated": "2024-08-05T07:46:47.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20662 (GCVE-0-2018-20662)
Vulnerability from cvelistv5
Published
2019-01-03 13:00
Modified
2024-08-05 12:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:05:17.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/706"
},
{
"name": "[debian-lts-announce] 20190308 [SECURITY] [DLA 1706-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f"
},
{
"name": "FEDORA-2019-8b5e704a73",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/"
},
{
"name": "FEDORA-2019-14040bfa27",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/"
},
{
"name": "FEDORA-2019-13ba3be562",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/"
},
{
"name": "FEDORA-2019-d04944813d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-09T01:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/706"
},
{
"name": "[debian-lts-announce] 20190308 [SECURITY] [DLA 1706-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f"
},
{
"name": "FEDORA-2019-8b5e704a73",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/"
},
{
"name": "FEDORA-2019-14040bfa27",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/"
},
{
"name": "FEDORA-2019-13ba3be562",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/"
},
{
"name": "FEDORA-2019-d04944813d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/706",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/706"
},
{
"name": "[debian-lts-announce] 20190308 [SECURITY] [DLA 1706-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f"
},
{
"name": "FEDORA-2019-8b5e704a73",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/"
},
{
"name": "FEDORA-2019-14040bfa27",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/"
},
{
"name": "FEDORA-2019-13ba3be562",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/"
},
{
"name": "FEDORA-2019-d04944813d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/"
},
{
"name": "USN-4042-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "RHSA-2019:2022",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "RHSA-2019:2713",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20662",
"datePublished": "2019-01-03T13:00:00",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-05T12:05:17.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9200 (GCVE-0-2019-9200)
Vulnerability from cvelistv5
Published
2019-02-26 23:00
Modified
2024-08-04 21:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:38:46.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/728"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.loginsoft.com/bugs/heap-based-buffer-underwrite-in-imagestreamgetline-poppler-0-74-0/"
},
{
"name": "107172",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107172"
},
{
"name": "USN-3905-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3905-1/"
},
{
"name": "[debian-lts-announce] 20190308 [SECURITY] [DLA 1706-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"name": "FEDORA-2019-14040bfa27",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/"
},
{
"name": "FEDORA-2019-13ba3be562",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/"
},
{
"name": "FEDORA-2019-d04944813d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-23T11:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/728"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.loginsoft.com/bugs/heap-based-buffer-underwrite-in-imagestreamgetline-poppler-0-74-0/"
},
{
"name": "107172",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107172"
},
{
"name": "USN-3905-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3905-1/"
},
{
"name": "[debian-lts-announce] 20190308 [SECURITY] [DLA 1706-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"name": "FEDORA-2019-14040bfa27",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/"
},
{
"name": "FEDORA-2019-13ba3be562",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/"
},
{
"name": "FEDORA-2019-d04944813d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/728",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/728"
},
{
"name": "https://research.loginsoft.com/bugs/heap-based-buffer-underwrite-in-imagestreamgetline-poppler-0-74-0/",
"refsource": "MISC",
"url": "https://research.loginsoft.com/bugs/heap-based-buffer-underwrite-in-imagestreamgetline-poppler-0-74-0/"
},
{
"name": "107172",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107172"
},
{
"name": "USN-3905-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3905-1/"
},
{
"name": "[debian-lts-announce] 20190308 [SECURITY] [DLA 1706-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"name": "FEDORA-2019-14040bfa27",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/"
},
{
"name": "FEDORA-2019-13ba3be562",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/"
},
{
"name": "FEDORA-2019-d04944813d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/"
},
{
"name": "USN-4042-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "RHSA-2019:2022",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "RHSA-2019:2713",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9200",
"datePublished": "2019-02-26T23:00:00",
"dateReserved": "2019-02-26T00:00:00",
"dateUpdated": "2024-08-04T21:38:46.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14975 (GCVE-0-2017-14975)
Vulnerability from cvelistv5
Published
2017-10-01 23:00
Modified
2024-08-05 19:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.freedesktop.org/show_bug.cgi?id=102653"
},
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1177-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.freedesktop.org/show_bug.cgi?id=102653"
},
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1177-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.freedesktop.org/show_bug.cgi?id=102653",
"refsource": "CONFIRM",
"url": "https://bugzilla.freedesktop.org/show_bug.cgi?id=102653"
},
{
"name": "DSA-4079",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1177-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14975",
"datePublished": "2017-10-01T23:00:00",
"dateReserved": "2017-10-01T00:00:00",
"dateUpdated": "2024-08-05T19:42:22.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4474 (GCVE-0-2013-4474)
Vulnerability from cvelistv5
Published
2013-11-23 11:00
Modified
2024-08-06 16:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/723124"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=61f79b8447c3ac8ab5a26e79e0c28053ffdccf75"
},
{
"name": "56567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56567"
},
{
"name": "GLSA-201401-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201401-21.xml"
},
{
"name": "63374",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63374"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=69434"
},
{
"name": "USN-2958-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2958-1"
},
{
"name": "[oss-security] 20131028 Re: CVE request: 3 vulnerabilities in poppler and 1 in Xpdf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/29/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/723124"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=61f79b8447c3ac8ab5a26e79e0c28053ffdccf75"
},
{
"name": "56567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56567"
},
{
"name": "GLSA-201401-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201401-21.xml"
},
{
"name": "63374",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63374"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=69434"
},
{
"name": "USN-2958-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2958-1"
},
{
"name": "[oss-security] 20131028 Re: CVE request: 3 vulnerabilities in poppler and 1 in Xpdf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/29/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/723124",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/723124"
},
{
"name": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=61f79b8447c3ac8ab5a26e79e0c28053ffdccf75",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=61f79b8447c3ac8ab5a26e79e0c28053ffdccf75"
},
{
"name": "56567",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56567"
},
{
"name": "GLSA-201401-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201401-21.xml"
},
{
"name": "63374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63374"
},
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=69434",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=69434"
},
{
"name": "USN-2958-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2958-1"
},
{
"name": "[oss-security] 20131028 Re: CVE request: 3 vulnerabilities in poppler and 1 in Xpdf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/29/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4474",
"datePublished": "2013-11-23T11:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4473 (GCVE-0-2013-4473)
Vulnerability from cvelistv5
Published
2013-11-23 11:00
Modified
2024-08-06 16:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/723124"
},
{
"name": "56567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56567"
},
{
"name": "GLSA-201401-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201401-21.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=69434"
},
{
"name": "USN-2958-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2958-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/utils/pdfseparate.cc?id=b8682d868ddf7f741e93b"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/tree/NEWS"
},
{
"name": "63368",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63368"
},
{
"name": "[oss-security] 20131028 Re: CVE request: 3 vulnerabilities in poppler and 1 in Xpdf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/29/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-05-06T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/723124"
},
{
"name": "56567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56567"
},
{
"name": "GLSA-201401-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201401-21.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=69434"
},
{
"name": "USN-2958-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2958-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/utils/pdfseparate.cc?id=b8682d868ddf7f741e93b"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/tree/NEWS"
},
{
"name": "63368",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63368"
},
{
"name": "[oss-security] 20131028 Re: CVE request: 3 vulnerabilities in poppler and 1 in Xpdf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/29/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/723124",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/723124"
},
{
"name": "56567",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56567"
},
{
"name": "GLSA-201401-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201401-21.xml"
},
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=69434",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=69434"
},
{
"name": "USN-2958-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2958-1"
},
{
"name": "http://cgit.freedesktop.org/poppler/poppler/commit/utils/pdfseparate.cc?id=b8682d868ddf7f741e93b",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/utils/pdfseparate.cc?id=b8682d868ddf7f741e93b"
},
{
"name": "http://cgit.freedesktop.org/poppler/poppler/tree/NEWS",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/poppler/poppler/tree/NEWS"
},
{
"name": "63368",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63368"
},
{
"name": "[oss-security] 20131028 Re: CVE request: 3 vulnerabilities in poppler and 1 in Xpdf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/29/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4473",
"datePublished": "2013-11-23T11:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9775 (GCVE-0-2017-9775)
Vulnerability from cvelistv5
Published
2017-06-22 21:00
Modified
2024-08-05 17:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99241",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99241"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=101540"
},
{
"name": "RHSA-2017:2551",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2551"
},
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-08T10:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "99241",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99241"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=101540"
},
{
"name": "RHSA-2017:2551",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2551"
},
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99241"
},
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=101540",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=101540"
},
{
"name": "RHSA-2017:2551",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2551"
},
{
"name": "DSA-4079",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4079"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9775",
"datePublished": "2017-06-22T21:00:00",
"dateReserved": "2017-06-21T00:00:00",
"dateUpdated": "2024-08-05T17:18:01.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30860 (GCVE-0-2021-30860)
Vulnerability from cvelistv5
Published
2021-08-24 18:49
Modified
2025-07-30 01:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Summary
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:48:13.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212804"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212805"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212807"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212806"
},
{
"name": "20210917 APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/28"
},
{
"name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/27"
},
{
"name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/25"
},
{
"name": "20210917 APPLE-SA-2021-09-13-2 watchOS 7.6.2",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/26"
},
{
"name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/40"
},
{
"name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/38"
},
{
"name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/39"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212824"
},
{
"name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/50"
},
{
"name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"name": "GLSA-202209-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-21"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-30860",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-05T18:40:44.536500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30860"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:38:03.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2021-30860 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2021-005",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:07:49.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212804"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212805"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212807"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212806"
},
{
"name": "20210917 APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/28"
},
{
"name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/27"
},
{
"name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/25"
},
{
"name": "20210917 APPLE-SA-2021-09-13-2 watchOS 7.6.2",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/26"
},
{
"name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/40"
},
{
"name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/38"
},
{
"name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/39"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212824"
},
{
"name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/50"
},
{
"name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"name": "GLSA-202209-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-21"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2021-30860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "11.6"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2021-005"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.6"
}
]
}
},
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212804",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212804"
},
{
"name": "https://support.apple.com/en-us/HT212805",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212805"
},
{
"name": "https://support.apple.com/en-us/HT212807",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212807"
},
{
"name": "https://support.apple.com/en-us/HT212806",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212806"
},
{
"name": "20210917 APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/28"
},
{
"name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/27"
},
{
"name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/25"
},
{
"name": "20210917 APPLE-SA-2021-09-13-2 watchOS 7.6.2",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/26"
},
{
"name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/40"
},
{
"name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/38"
},
{
"name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/39"
},
{
"name": "https://support.apple.com/kb/HT212824",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212824"
},
{
"name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/50"
},
{
"name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"name": "GLSA-202209-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-21"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2021-30860",
"datePublished": "2021-08-24T18:49:25.000Z",
"dateReserved": "2021-04-13T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:38:03.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38784 (GCVE-0-2022-38784)
Vulnerability from cvelistv5
Published
2022-08-30 02:58
Modified
2024-09-17 03:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jeffssh/CVE-2021-30860"
},
{
"tags": [
"x_transferred"
],
"url": "https://poppler.freedesktop.org/releases.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1261/diffs?commit_id=27354e9d9696ee2bc063910a6c9a6b27c5184a52"
},
{
"name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"name": "DSA-5224",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5224"
},
{
"name": "FEDORA-2022-f7b375eae8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQAO6O2XHPQHNW2MWOCJJ4C3YWS2VV4K/"
},
{
"name": "FEDORA-2022-51b27699ce",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J546EJUKUOPWA3JSLP7DYNBAU3YGNCCW/"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
},
{
"name": "GLSA-202209-21",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-21"
},
{
"name": "FEDORA-2022-f79aa2bae9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGY72LBJMFAKQWC2XH4MRPIGPQLXTFL6/"
},
{
"name": "FEDORA-2022-fcb3b063a6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLKN3HJKZSGEEKOF57DM7Q3IB74HP5VW/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38171"
},
{
"name": "FEDORA-2022-f8ec1c06a3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E5Z2677EQUWVHJLGSH5DQX53EK6MY2M2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-20T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/jeffssh/CVE-2021-30860"
},
{
"url": "https://poppler.freedesktop.org/releases.html"
},
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1261/diffs?commit_id=27354e9d9696ee2bc063910a6c9a6b27c5184a52"
},
{
"name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"name": "DSA-5224",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5224"
},
{
"name": "FEDORA-2022-f7b375eae8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQAO6O2XHPQHNW2MWOCJJ4C3YWS2VV4K/"
},
{
"name": "FEDORA-2022-51b27699ce",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J546EJUKUOPWA3JSLP7DYNBAU3YGNCCW/"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
},
{
"name": "GLSA-202209-21",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202209-21"
},
{
"name": "FEDORA-2022-f79aa2bae9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGY72LBJMFAKQWC2XH4MRPIGPQLXTFL6/"
},
{
"name": "FEDORA-2022-fcb3b063a6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLKN3HJKZSGEEKOF57DM7Q3IB74HP5VW/"
},
{
"url": "https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38171"
},
{
"name": "FEDORA-2022-f8ec1c06a3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E5Z2677EQUWVHJLGSH5DQX53EK6MY2M2/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-38784",
"datePublished": "2022-08-30T02:58:33.566936Z",
"dateReserved": "2022-08-26T00:00:00",
"dateUpdated": "2024-09-17T03:54:54.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-21009 (GCVE-0-2018-21009)
Vulnerability from cvelistv5
Published
2019-09-05 03:24
Modified
2024-08-05 12:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:19:27.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a"
},
{
"name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1939-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-23T11:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a"
},
{
"name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1939-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-21009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a"
},
{
"name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1939-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-21009",
"datePublished": "2019-09-05T03:24:29",
"dateReserved": "2019-09-04T00:00:00",
"dateUpdated": "2024-08-05T12:19:27.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11026 (GCVE-0-2019-11026)
Vulnerability from cvelistv5
Published
2019-04-08 22:20
Modified
2024-08-04 22:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/752"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.loginsoft.com/bugs/1508/"
},
{
"name": "FEDORA-2019-1ddce0c095",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5JWQE2WP4W4F2FEYPYJQBPQIOG75MVH/"
},
{
"name": "FEDORA-2019-95eb49ef49",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/"
},
{
"name": "FEDORA-2019-3193a75b06",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-07T06:06:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/752"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.loginsoft.com/bugs/1508/"
},
{
"name": "FEDORA-2019-1ddce0c095",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5JWQE2WP4W4F2FEYPYJQBPQIOG75MVH/"
},
{
"name": "FEDORA-2019-95eb49ef49",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/"
},
{
"name": "FEDORA-2019-3193a75b06",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/752",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/752"
},
{
"name": "https://research.loginsoft.com/bugs/1508/",
"refsource": "MISC",
"url": "https://research.loginsoft.com/bugs/1508/"
},
{
"name": "FEDORA-2019-1ddce0c095",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5JWQE2WP4W4F2FEYPYJQBPQIOG75MVH/"
},
{
"name": "FEDORA-2019-95eb49ef49",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/"
},
{
"name": "FEDORA-2019-3193a75b06",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11026",
"datePublished": "2019-04-08T22:20:51",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38349 (GCVE-0-2022-38349)
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-03 14:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:03.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1282"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/4564a002bcb6094cc460bc0d5ddff9423fe6dd28"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38349",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T14:39:03.910275Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T14:39:32.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-22T15:44:42.859343",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1282"
},
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/4564a002bcb6094cc460bc0d5ddff9423fe6dd28"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-38349",
"datePublished": "2023-08-22T00:00:00",
"dateReserved": "2022-08-15T00:00:00",
"dateUpdated": "2024-10-03T14:39:32.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27337 (GCVE-0-2022-27337)
Vulnerability from cvelistv5
Published
2022-05-05 18:36
Modified
2024-08-03 05:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:25:32.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230#note_1372177"
},
{
"name": "FEDORA-2022-ce08b1c643",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOTDUXJOKDYO4I7MKHLT5NBGTN5E7FHQ/"
},
{
"name": "DSA-5224",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5224"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-26T01:06:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230#note_1372177"
},
{
"name": "FEDORA-2022-ce08b1c643",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOTDUXJOKDYO4I7MKHLT5NBGTN5E7FHQ/"
},
{
"name": "DSA-5224",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5224"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-27337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230"
},
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230#note_1372177",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230#note_1372177"
},
{
"name": "FEDORA-2022-ce08b1c643",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOTDUXJOKDYO4I7MKHLT5NBGTN5E7FHQ/"
},
{
"name": "DSA-5224",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5224"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-27337",
"datePublished": "2022-05-05T18:36:34",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:25:32.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38171 (GCVE-0-2022-38171)
Vulnerability from cvelistv5
Published
2022-08-22 18:33
Modified
2024-09-16 18:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.xpdfreader.com/security-fixes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://dl.xpdfreader.com/xpdf-4.04.tar.gz"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30860"
},
{
"tags": [
"x_transferred"
],
"url": "https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jeffssh/CVE-2021-30860"
},
{
"name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://www.xpdfreader.com/security-fixes.html"
},
{
"url": "https://dl.xpdfreader.com/xpdf-4.04.tar.gz"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30860"
},
{
"url": "https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html"
},
{
"url": "https://github.com/jeffssh/CVE-2021-30860"
},
{
"name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"url": "https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-38171",
"datePublished": "2022-08-22T18:33:47.097485Z",
"dateReserved": "2022-08-12T00:00:00",
"dateUpdated": "2024-09-16T18:34:06.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4653 (GCVE-0-2010-4653)
Vulnerability from cvelistv5
Published
2019-11-13 19:12
Modified
2024-08-07 03:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Integer Overflow
Summary
An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4653"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4653"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4653"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201310-03.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45948"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "poppler",
"vendor": "poppler",
"versions": [
{
"status": "affected",
"version": "before 0.16.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Integer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-13T19:12:53",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4653"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4653"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4653"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.gentoo.org/glsa/glsa-201310-03.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/45948"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4653",
"datePublished": "2019-11-13T19:12:53",
"dateReserved": "2011-01-03T00:00:00",
"dateUpdated": "2024-08-07T03:51:17.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9865 (GCVE-0-2017-9865)
Vulnerability from cvelistv5
Published
2017-06-25 13:00
Modified
2024-08-05 17:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:02.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=100774"
},
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "GLSA-201801-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201801-17"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4042-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T15:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=100774"
},
{
"name": "DSA-4079",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "GLSA-201801-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201801-17"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4042-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html",
"refsource": "MISC",
"url": "http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html"
},
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=100774",
"refsource": "MISC",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=100774"
},
{
"name": "DSA-4079",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "GLSA-201801-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201801-17"
},
{
"name": "USN-4042-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4042-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9865",
"datePublished": "2017-06-25T13:00:00",
"dateReserved": "2017-06-25T00:00:00",
"dateUpdated": "2024-08-05T17:18:02.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12293 (GCVE-0-2019-12293)
Vulnerability from cvelistv5
Published
2019-05-23 04:54
Modified
2024-08-04 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:17:39.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/768"
},
{
"name": "108457",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108457"
},
{
"name": "[debian-lts-announce] 20190606 [SECURITY] [DLA 1815-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html"
},
{
"name": "FEDORA-2019-cb2bff6d48",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/"
},
{
"name": "FEDORA-2019-0ea42f074e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-23T11:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/768"
},
{
"name": "108457",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108457"
},
{
"name": "[debian-lts-announce] 20190606 [SECURITY] [DLA 1815-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html"
},
{
"name": "FEDORA-2019-cb2bff6d48",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/"
},
{
"name": "FEDORA-2019-0ea42f074e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/"
},
{
"name": "USN-4042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "RHSA-2019:2713",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/768",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/768"
},
{
"name": "108457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108457"
},
{
"name": "[debian-lts-announce] 20190606 [SECURITY] [DLA 1815-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html"
},
{
"name": "FEDORA-2019-cb2bff6d48",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/"
},
{
"name": "FEDORA-2019-0ea42f074e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/"
},
{
"name": "USN-4042-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"name": "RHSA-2019:2713",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12293",
"datePublished": "2019-05-23T04:54:12",
"dateReserved": "2019-05-23T00:00:00",
"dateUpdated": "2024-08-04T23:17:39.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19058 (GCVE-0-2018-19058)
Vulnerability from cvelistv5
Published
2018-11-07 16:00
Modified
2024-08-05 11:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:03.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3837-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3837-1/"
},
{
"name": "[debian-lts-announce] 20190308 [SECURITY] [DLA 1706-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/659"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-26T01:06:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3837-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3837-1/"
},
{
"name": "[debian-lts-announce] 20190308 [SECURITY] [DLA 1706-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/659"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3837-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3837-1/"
},
{
"name": "[debian-lts-announce] 20190308 [SECURITY] [DLA 1706-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
},
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/659",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/659"
},
{
"name": "RHSA-2019:2022",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19058",
"datePublished": "2018-11-07T16:00:00",
"dateReserved": "2018-11-07T00:00:00",
"dateUpdated": "2024-08-05T11:30:03.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16646 (GCVE-0-2018-16646)
Vulnerability from cvelistv5
Published
2018-09-06 23:00
Modified
2024-08-05 10:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:32:52.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1622951"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1562-2] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00040.html"
},
{
"name": "[debian-lts-announce] 20181031 [SECURITY] [DLA 1562-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html"
},
{
"name": "USN-3837-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3837-2/"
},
{
"name": "[debian-lts-announce] 20181214 [SECURITY] [DLA 1562-3] poppler regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00004.html"
},
{
"name": "USN-3837-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3837-1/"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-23T11:06:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1622951"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1562-2] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00040.html"
},
{
"name": "[debian-lts-announce] 20181031 [SECURITY] [DLA 1562-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html"
},
{
"name": "USN-3837-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3837-2/"
},
{
"name": "[debian-lts-announce] 20181214 [SECURITY] [DLA 1562-3] poppler regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00004.html"
},
{
"name": "USN-3837-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3837-1/"
},
{
"name": "RHSA-2019:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1622951",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1622951"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1562-2] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00040.html"
},
{
"name": "[debian-lts-announce] 20181031 [SECURITY] [DLA 1562-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html"
},
{
"name": "USN-3837-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3837-2/"
},
{
"name": "[debian-lts-announce] 20181214 [SECURITY] [DLA 1562-3] poppler regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00004.html"
},
{
"name": "USN-3837-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3837-1/"
},
{
"name": "RHSA-2019:2022",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16646",
"datePublished": "2018-09-06T23:00:00",
"dateReserved": "2018-09-06T00:00:00",
"dateUpdated": "2024-08-05T10:32:52.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5110 (GCVE-0-2010-5110)
Vulnerability from cvelistv5
Published
2014-08-29 17:00
Modified
2024-08-07 04:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:39.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/poppler/DCTStream.cc?id=fc071d800cb4329a3ccf898d7bf16b4db7323ad8"
},
{
"name": "[oss-security] 20140918 CVE Request : poppler \u003c 0.13.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://comments.gmane.org/gmane.comp.security.oss.general/11132"
},
{
"name": "SUSE-SU-2014:0817",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140817-1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=26280"
},
{
"name": "59857",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59857"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-08-29T16:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/poppler/DCTStream.cc?id=fc071d800cb4329a3ccf898d7bf16b4db7323ad8"
},
{
"name": "[oss-security] 20140918 CVE Request : poppler \u003c 0.13.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://comments.gmane.org/gmane.comp.security.oss.general/11132"
},
{
"name": "SUSE-SU-2014:0817",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140817-1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=26280"
},
{
"name": "59857",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59857"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-5110",
"datePublished": "2014-08-29T17:00:00",
"dateReserved": "2012-04-30T00:00:00",
"dateUpdated": "2024-08-07T04:09:39.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1790 (GCVE-0-2013-1790)
Vulnerability from cvelistv5
Published
2013-04-09 20:00
Modified
2024-08-06 15:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2013-3457",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html"
},
{
"name": "MDVSA-2013:143",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:143"
},
{
"name": "FEDORA-2013-3473",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html"
},
{
"name": "USN-1785-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1785-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917111"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://j00ru.vexillium.org/?p=1507"
},
{
"name": "DSA-2719",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2719"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=b1026b5978c385328f2a15a2185c599a563edf91"
},
{
"name": "52846",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52846"
},
{
"name": "[oss-security] 20130228 Re: CVE Request: poppler 0.22.1 security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/8"
},
{
"name": "[oss-security] 20130227 Re: CVE Request: poppler 0.22.1 security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-24T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2013-3457",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html"
},
{
"name": "MDVSA-2013:143",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:143"
},
{
"name": "FEDORA-2013-3473",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html"
},
{
"name": "USN-1785-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1785-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917111"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://j00ru.vexillium.org/?p=1507"
},
{
"name": "DSA-2719",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2719"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=b1026b5978c385328f2a15a2185c599a563edf91"
},
{
"name": "52846",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52846"
},
{
"name": "[oss-security] 20130228 Re: CVE Request: poppler 0.22.1 security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/8"
},
{
"name": "[oss-security] 20130227 Re: CVE Request: poppler 0.22.1 security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2013-3457",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html"
},
{
"name": "MDVSA-2013:143",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:143"
},
{
"name": "FEDORA-2013-3473",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html"
},
{
"name": "USN-1785-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1785-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=917111",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917111"
},
{
"name": "http://j00ru.vexillium.org/?p=1507",
"refsource": "MISC",
"url": "http://j00ru.vexillium.org/?p=1507"
},
{
"name": "DSA-2719",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2719"
},
{
"name": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=b1026b5978c385328f2a15a2185c599a563edf91",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22\u0026id=b1026b5978c385328f2a15a2185c599a563edf91"
},
{
"name": "52846",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52846"
},
{
"name": "[oss-security] 20130228 Re: CVE Request: poppler 0.22.1 security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/8"
},
{
"name": "[oss-security] 20130227 Re: CVE Request: poppler 0.22.1 security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1790",
"datePublished": "2013-04-09T20:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:33.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14928 (GCVE-0-2017-14928)
Vulnerability from cvelistv5
Published
2017-09-29 07:00
Modified
2024-08-05 19:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102607"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-09T01:06:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102607"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=102607",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102607"
},
{
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14928",
"datePublished": "2017-09-29T07:00:00",
"dateReserved": "2017-09-29T00:00:00",
"dateUpdated": "2024-08-05T19:42:22.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}