Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
Max CVSS: 9.8 | EPSS Score: 1.02% | Published: 2019-03-08 | Updated: 2020-07-23
poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.
Max CVSS: 9.3 | EPSS Score: 0.14% | Published: 2019-11-13 | Updated: 2020-08-18
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.
Max CVSS: 9.3 | EPSS Score: 3.37% | Published: 2016-05-06 | Updated: 2018-01-05
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability.
Max CVSS: 8.8 | EPSS Score: 0.64% | Published: 2017-07-12 | Updated: 2022-04-19
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.
Max CVSS: 8.8 | EPSS Score: 0.34% | Published: 2017-07-12 | Updated: 2022-04-19
An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library.
Max CVSS: 8.8 | EPSS Score: 0.54% | Published: 2017-07-12 | Updated: 2023-01-27
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.
Max CVSS: 8.8 | EPSS Score: 0.35% | Published: 2017-10-17 | Updated: 2019-03-14
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
Max CVSS: 8.8 | EPSS Score: 0.43% | Published: 2018-01-02 | Updated: 2019-04-30
Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.
Max CVSS: 8.8 | EPSS Score: 0.31% | Published: 2019-09-05 | Updated: 2020-07-23
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Max CVSS: 8.8 | EPSS Score: 2.64% | Published: 2019-02-26 | Updated: 2020-07-23
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit.
Max CVSS: 8.8 | EPSS Score: 0.70% | Published: 2019-03-01 | Updated: 2021-07-21
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.
Max CVSS: 8.8 | EPSS Score: 0.30% | Published: 2019-03-01 | Updated: 2021-07-21
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.
Max CVSS: 8.8 | EPSS Score: 1.85% | Published: 2019-04-05 | Updated: 2020-07-23
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.
Max CVSS: 8.8 | EPSS Score: 1.78% | Published: 2019-05-23 | Updated: 2020-07-23
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
Max CVSS: 7.8 | EPSS Score: 0.32% | Published: 2020-01-09 | Updated: 2020-01-15
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
Max CVSS: 7.8 | EPSS Score: 0.49% | Published: 2017-06-22 | Updated: 2019-03-12
In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document.
Max CVSS: 7.8 | EPSS Score: 0.10% | Published: 2017-09-17 | Updated: 2018-01-09
In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files.
Max CVSS: 7.8 | EPSS Score: 0.08% | Published: 2017-09-17 | Updated: 2018-01-09
In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.
Max CVSS: 7.8 | EPSS Score: 0.06% | Published: 2017-09-20 | Updated: 2017-09-27
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.
Max CVSS: 7.8 | EPSS Score: 0.15% | Published: 2019-02-03 | Updated: 2022-05-03
DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects.
Max CVSS: 7.8 | EPSS Score: 0.09% | Published: 2020-12-25 | Updated: 2024-03-21

CVE-2021-30860

Known exploited
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Max CVSS: 7.8 | EPSS Score: 0.16% | Published: 2021-08-24 | Updated: 2024-02-02 | CISA KEV Added: 2021-11-03
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
Max CVSS: 7.8 | EPSS Score: 0.20% | Published: 2022-08-22 | Updated: 2022-10-27
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
Max CVSS: 7.8 | EPSS Score: 0.13% | Published: 2022-08-30 | Updated: 2022-10-28
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
Max CVSS: 7.5 | EPSS Score: 0.43% | Published: 2010-11-05 | Updated: 2020-12-23
80 vulnerabilities found