Vulnerabilities > Freedesktop > Poppler > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-01 | CVE-2019-14494 | Divide By Zero vulnerability in multiple products An issue was discovered in Poppler through 0.78.0. | 7.5 |
| 2019-05-23 | CVE-2019-12293 | Out-of-bounds Read vulnerability in Freedesktop Poppler In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. | 8.8 |
| 2019-04-05 | CVE-2019-10872 | Out-of-bounds Read vulnerability in Freedesktop Poppler 0.74.0 An issue was discovered in Poppler 0.74.0. | 8.8 |
| 2019-03-01 | CVE-2019-9545 | Uncontrolled Recursion vulnerability in Freedesktop Poppler 0.74.0 An issue was discovered in Poppler 0.74.0. | 8.8 |
| 2019-03-01 | CVE-2019-9543 | Uncontrolled Recursion vulnerability in Freedesktop Poppler 0.74.0 An issue was discovered in Poppler 0.74.0. | 8.8 |
| 2019-02-26 | CVE-2019-9200 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. | 8.8 |
| 2019-02-03 | CVE-2019-7310 | Incorrect Conversion between Numeric Types vulnerability in multiple products In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. | 7.8 |
| 2018-01-02 | CVE-2017-1000456 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. | 8.8 |
| 2017-10-17 | CVE-2017-15565 | NULL Pointer Dereference vulnerability in multiple products In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. | 8.8 |
| 2017-10-02 | CVE-2017-14977 | NULL Pointer Dereference vulnerability in multiple products The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. | 7.5 |