Vulnerabilities > Freedesktop

DATE CVE VULNERABILITY TITLE RISK
2019-01-01 CVE-2018-20650 Improper Input Validation vulnerability in multiple products
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.
network
low complexity
freedesktop canonical debian redhat CWE-20
6.5
6.5
2018-12-28 CVE-2018-20551 Improper Input Validation vulnerability in multiple products
A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.
network
low complexity
freedesktop canonical CWE-20
6.5
6.5
2018-12-26 CVE-2018-20481 NULL Pointer Dereference vulnerability in multiple products
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.
network
low complexity
freedesktop canonical debian CWE-476
6.5
6.5
2018-11-10 CVE-2018-19149 NULL Pointer Dereference vulnerability in multiple products
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
network
low complexity
freedesktop canonical CWE-476
6.5
6.5
2018-11-07 CVE-2018-19060 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Poppler 0.71.0.
network
low complexity
freedesktop canonical CWE-476
6.5
6.5
2018-11-07 CVE-2018-19059 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Poppler 0.71.0.
network
low complexity
freedesktop canonical CWE-125
6.5
6.5
2018-11-07 CVE-2018-19058 Always-Incorrect Control Flow Implementation vulnerability in multiple products
An issue was discovered in Poppler 0.71.0.
network
low complexity
freedesktop canonical debian redhat CWE-670
6.5
6.5
2018-11-02 CVE-2018-18897 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
An issue was discovered in Poppler 0.71.0.
network
low complexity
freedesktop debian canonical redhat CWE-772
6.5
6.5
2018-09-22 CVE-2018-17336 Use of Externally-Controlled Format String vulnerability in multiple products
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.
local
low complexity
freedesktop canonical CWE-134
7.8
7.8
2018-09-06 CVE-2018-16646 Infinite Loop vulnerability in multiple products
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file.
network
low complexity
freedesktop debian canonical CWE-835
6.5
6.5