High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-08-01	CVE-2019-14494	Divide By Zero vulnerability in multiple products An issue was discovered in Poppler through 0.78.0. network low complexity freedesktop canonical fedoraproject debian redhat CWE-369	7.5
2019-06-11	CVE-2019-12749	Link Following vulnerability in multiple products dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. local low complexity freedesktop canonical CWE-59	7.1
2019-05-23	CVE-2019-12293	Out-of-bounds Read vulnerability in Freedesktop Poppler In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. network low complexity freedesktop CWE-125	8.8
2019-04-05	CVE-2019-10872	Out-of-bounds Read vulnerability in Freedesktop Poppler 0.74.0 An issue was discovered in Poppler 0.74.0. network low complexity freedesktop CWE-125	8.8
2019-02-26	CVE-2019-9200	Out-of-bounds Write vulnerability in multiple products A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. network low complexity freedesktop debian canonical CWE-787	8.8
2019-02-03	CVE-2019-7310	Incorrect Conversion between Numeric Types vulnerability in multiple products In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. local low complexity freedesktop canonical debian fedoraproject redhat CWE-681	7.8
2018-01-09	CVE-2017-15131	Improper Access Control vulnerability in multiple products It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. local low complexity freedesktop redhat CWE-284	7.8
2017-07-12	CVE-2017-2820	Integer Overflow or Wraparound vulnerability in Freedesktop Poppler 0.53.0 An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. network low complexity freedesktop CWE-190	8.8
2013-11-23	CVE-2013-4473	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename. network low complexity freedesktop canonical CWE-119	7.5
2013-03-05	CVE-2013-0292	Improper Input Validation vulnerability in Freedesktop Dbus-Glib The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal. local low complexity freedesktop CWE-20	7.2