Vulnerabilities > Freedesktop > Poppler > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-01-01 CVE-2018-20650 Improper Input Validation vulnerability in multiple products
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.
network
low complexity
freedesktop canonical debian redhat CWE-20
6.5
2018-12-28 CVE-2018-20551 Improper Input Validation vulnerability in multiple products
A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.
4.3
2018-12-26 CVE-2018-20481 NULL Pointer Dereference vulnerability in multiple products
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.
4.3
2018-11-10 CVE-2018-19149 NULL Pointer Dereference vulnerability in multiple products
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
4.3
2018-11-07 CVE-2018-19060 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Poppler 0.71.0.
4.3
2018-11-07 CVE-2018-19059 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Poppler 0.71.0.
4.3
2018-11-07 CVE-2018-19058 Always-Incorrect Control Flow Implementation vulnerability in multiple products
An issue was discovered in Poppler 0.71.0.
network
low complexity
freedesktop canonical debian redhat CWE-670
6.5
2018-11-02 CVE-2018-18897 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
An issue was discovered in Poppler 0.71.0.
network
low complexity
freedesktop debian canonical redhat CWE-772
6.5
2018-09-06 CVE-2018-16646 Infinite Loop vulnerability in multiple products
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file.
4.3
2018-07-25 CVE-2018-13988 Out-of-bounds Read vulnerability in multiple products
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite.
4.3