| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-20481 | 4.3 |
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser
|
23-07-2020 - 12:15 | 26-12-2018 - 04:29 | |
| CVE-2019-9200 | 6.8 |
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmen
|
23-07-2020 - 12:15 | 26-02-2019 - 23:29 | |
| CVE-2019-9631 | 7.5 |
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
|
23-07-2020 - 12:15 | 08-03-2019 - 05:29 | |
| CVE-2018-21009 | 6.8 |
Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.
|
23-07-2020 - 12:15 | 05-09-2019 - 04:15 | |
| CVE-2019-12293 | 6.8 |
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.
|
23-07-2020 - 12:15 | 23-05-2019 - 05:29 | |
| CVE-2017-18267 | 4.3 |
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
|
23-07-2020 - 12:15 | 10-05-2018 - 15:29 | |
| CVE-2018-16646 | 4.3 |
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.
|
23-07-2020 - 12:15 | 06-09-2018 - 23:29 | |
| CVE-2019-10872 | 6.8 |
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.
|
23-07-2020 - 12:15 | 05-04-2019 - 04:29 |