Vulnerabilities > Freedesktop > Poppler > 0.72.0

DATE CVE VULNERABILITY TITLE RISK
2019-01-03 CVE-2018-20662 Improper Input Validation vulnerability in multiple products
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.
6.5
2019-01-01 CVE-2018-20650 Improper Input Validation vulnerability in multiple products
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.
network
low complexity
freedesktop canonical debian redhat CWE-20
6.5
2018-12-28 CVE-2018-20551 Improper Input Validation vulnerability in multiple products
A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.
network
low complexity
freedesktop canonical CWE-20
6.5
2018-12-26 CVE-2018-20481 NULL Pointer Dereference vulnerability in multiple products
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.
network
low complexity
freedesktop canonical debian CWE-476
6.5