Freedesktop

Poppler

90 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2017-2814

  • EPSS 1.96%
  • Veröffentlicht 12.07.2017 17:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to cod...

5.5

CVE-2017-9865

  • EPSS 0.76%
  • Veröffentlicht 25.06.2017 13:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in I...

7.8

CVE-2017-9776

  • EPSS 1.25%
  • Veröffentlicht 22.06.2017 21:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

6.5

CVE-2017-9775

  • EPSS 0.78%
  • Veröffentlicht 22.06.2017 21:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.

5.5

CVE-2017-7515

Exploit
  • EPSS 0.22%
  • Veröffentlicht 06.06.2017 14:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.

6.5

CVE-2017-9406

  • EPSS 1.05%
  • Veröffentlicht 02.06.2017 19:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.

6.5

CVE-2017-9408

  • EPSS 1.05%
  • Veröffentlicht 02.06.2017 19:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.

5.5

CVE-2017-7511

  • EPSS 0.25%
  • Veröffentlicht 30.05.2017 18:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.

6.5

CVE-2017-9083

Exploit
  • EPSS 0.68%
  • Veröffentlicht 19.05.2017 16:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.

9.3

CVE-2015-8868

  • EPSS 0.8%
  • Veröffentlicht 06.05.2016 17:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mo...