In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.
Max CVSS
8.8
EPSS Score
1.78%
Published
2019-05-23
Updated
2020-07-23
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.
Max CVSS
8.8
EPSS Score
1.85%
Published
2019-04-05
Updated
2020-07-23
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
Max CVSS
9.8
EPSS Score
1.02%
Published
2019-03-08
Updated
2020-07-23
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.
Max CVSS
8.8
EPSS Score
0.30%
Published
2019-03-01
Updated
2021-07-21
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit.
Max CVSS
8.8
EPSS Score
0.70%
Published
2019-03-01
Updated
2021-07-21
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Max CVSS
8.8
EPSS Score
2.64%
Published
2019-02-26
Updated
2020-07-23
Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.
Max CVSS
8.8
EPSS Score
0.31%
Published
2019-09-05
Updated
2020-07-23
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
Max CVSS
8.8
EPSS Score
0.43%
Published
2018-01-02
Updated
2019-04-30
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.
Max CVSS
8.8
EPSS Score
0.35%
Published
2017-10-17
Updated
2019-03-14
An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library.
Max CVSS
8.8
EPSS Score
0.54%
Published
2017-07-12
Updated
2023-01-27
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.
Max CVSS
8.8
EPSS Score
0.34%
Published
2017-07-12
Updated
2022-04-19
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability.
Max CVSS
8.8
EPSS Score
0.64%
Published
2017-07-12
Updated
2022-04-19
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.
Max CVSS
9.3
EPSS Score
3.37%
Published
2016-05-06
Updated
2018-01-05
poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.
Max CVSS
9.3
EPSS Score
0.14%
Published
2019-11-13
Updated
2020-08-18
14 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!