Vulnerabilities > Freedesktop > Poppler
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-02 | CVE-2018-18897 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products An issue was discovered in Poppler 0.71.0. | 6.5 |
| 2018-09-06 | CVE-2018-16646 | Infinite Loop vulnerability in multiple products In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. | 4.3 |
| 2018-07-25 | CVE-2018-13988 | Out-of-bounds Read vulnerability in multiple products Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. | 4.3 |
| 2018-05-10 | CVE-2017-18267 | Infinite Loop vulnerability in multiple products The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. | 4.3 |
| 2018-05-06 | CVE-2018-10768 | NULL Pointer Dereference vulnerability in multiple products There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. | 4.3 |
| 2018-01-02 | CVE-2017-1000456 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. | 6.8 |
| 2017-10-17 | CVE-2017-15565 | NULL Pointer Dereference vulnerability in multiple products In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. | 6.8 |
| 2017-10-02 | CVE-2017-14977 | NULL Pointer Dereference vulnerability in multiple products The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. | 5.0 |
| 2017-10-02 | CVE-2017-14976 | Out-of-bounds Read vulnerability in multiple products The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack. | 5.0 |
| 2017-10-02 | CVE-2017-14975 | NULL Pointer Dereference vulnerability in multiple products The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack. | 5.0 |