Vulnerabilities > Freedesktop
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-09 | CVE-2012-2142 | The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | 7.8 |
| 2020-01-08 | CVE-2019-20367 | Out-of-bounds Read vulnerability in multiple products nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab). | 9.1 |
| 2019-11-13 | CVE-2010-4654 | Injection vulnerability in multiple products poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. | 7.8 |
| 2019-11-13 | CVE-2010-4653 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts. | 6.5 |
| 2019-09-05 | CVE-2018-21009 | Integer Overflow or Wraparound vulnerability in Freedesktop Poppler Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. | 8.8 |
| 2019-08-01 | CVE-2019-14494 | Divide By Zero vulnerability in multiple products An issue was discovered in Poppler through 0.78.0. | 7.5 |
| 2019-07-22 | CVE-2019-9959 | Integer Overflow or Wraparound vulnerability in multiple products The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. | 6.5 |
| 2019-06-11 | CVE-2019-12749 | Link Following vulnerability in multiple products dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. | 7.1 |
| 2019-05-23 | CVE-2019-12293 | Out-of-bounds Read vulnerability in Freedesktop Poppler In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. | 8.8 |
| 2019-04-08 | CVE-2019-11026 | Uncontrolled Recursion vulnerability in multiple products FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc. | 6.5 |