Vulnerabilities > Freedesktop > Poppler > 0.59.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-10 | CVE-2018-19149 | NULL Pointer Dereference vulnerability in multiple products Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. | 4.3 |
| 2018-07-25 | CVE-2018-13988 | Out-of-bounds Read vulnerability in multiple products Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. | 4.3 |
| 2018-05-10 | CVE-2017-18267 | Infinite Loop vulnerability in multiple products The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. | 4.3 |
| 2017-10-17 | CVE-2017-15565 | NULL Pointer Dereference vulnerability in multiple products In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. | 6.8 |
| 2017-10-02 | CVE-2017-14977 | NULL Pointer Dereference vulnerability in multiple products The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. | 5.0 |
| 2017-10-02 | CVE-2017-14976 | Out-of-bounds Read vulnerability in multiple products The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack. | 5.0 |
| 2017-10-02 | CVE-2017-14975 | NULL Pointer Dereference vulnerability in multiple products The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack. | 5.0 |
| 2017-09-30 | CVE-2017-14929 | Infinite Loop vulnerability in Freedesktop Poppler 0.59.0 In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519. | 5.0 |
| 2017-09-30 | CVE-2017-14928 | NULL Pointer Dereference vulnerability in multiple products In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. | 4.3 |
| 2017-09-30 | CVE-2017-14927 | NULL Pointer Dereference vulnerability in Freedesktop Poppler 0.59.0 In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. | 4.3 |