poppler · threatengine.sh

CVE-2025-50420

< 25.07.0

An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying

6.5MEDIUM

CVE-2025-52886

< 25.06.0

Poppler is a PDF rendering library. Versions prior to 25.06.0 use std::atomic_int for reference counting. Because `std::atomic_i

5.9MEDIUM

CVE-2025-43903

< 25.04.0

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potent

4.3MEDIUM

CVE-2025-32365

< 25.04.0

Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stre

4.0MEDIUM

CVE-2025-32364

< 25.04.0

A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling

4.0MEDIUM

CVE-2024-56378

<= 24.12.0

libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2

4.3MEDIUM

CVE-2024-6239

< 24.06.0

A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using ce

7.5HIGH

CVE-2022-38349

all versions

An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDF

6.5MEDIUM

CVE-2022-37052

all versions

A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markO

6.5MEDIUM

CVE-2022-37051

all versions

An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function

6.5MEDIUM

CVE-2022-37050

all versions

In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABR

6.5MEDIUM

CVE-2020-23804

all versions

Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted

7.5HIGH

CVE-2020-18839

all versions

Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.

6.5MEDIUM

CVE-2020-36024

all versions

An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via cra

5.5MEDIUM

CVE-2020-36023

all versions

An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via cra

6.5MEDIUM

CVE-2023-34872

< 23.06.0

A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via

5.5MEDIUM

CVE-2022-38784

<= 22.08.0

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG

7.8HIGH

CVE-2022-38171

< 22.09.0

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc).

7.8HIGH

CVE-2022-27337

all versions

A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted P

6.5MEDIUM

CVE-2021-30860

< 22.09.0

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14

7.8HIGH

CVE-2020-35702

all versions

DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later re

7.8HIGH

CVE-2020-27778

< 0.76.0

A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by pr

7.5HIGH

CVE-2012-2142

< 0.21.4

The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing

7.8HIGH

CVE-2010-4654

< 0.16.3

poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.

7.8HIGH

CVE-2010-4653

< 0.16.3

An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.

6.5MEDIUM

CVE-2018-21009

< 0.76.0

Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.

8.8HIGH

CVE-2019-14494

<= 0.78.0

An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternF

7.5HIGH

CVE-2019-9959

<= 0.78.0

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integ

6.5MEDIUM

CVE-2019-12293

<= 0.76.1

In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsiste

8.8HIGH

CVE-2019-11026

all versions

FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Err

6.5MEDIUM

CVE-2019-10873

all versions

An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/Sp

6.5MEDIUM

CVE-2019-10872

all versions

An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splas

8.8HIGH

CVE-2019-10871

all versions

An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at P

6.5MEDIUM

CVE-2019-9903

all versions

PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find

6.5MEDIUM

CVE-2019-9631

all versions

Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.

9.8CRITICAL

CVE-2019-9545

all versions

An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc,

8.8HIGH

CVE-2019-9543

all versions

An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.c

8.8HIGH

CVE-2019-9200

all versions

A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be t

8.8HIGH

CVE-2019-7310

all versions

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) al

7.8HIGH

CVE-2018-20662

all versions

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h

6.5MEDIUM

CVE-2018-20650

all versions

A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a chec

6.5MEDIUM

CVE-2018-20551

all versions

A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of inv

6.5MEDIUM

CVE-2018-20481

all versions

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial o

6.5MEDIUM

CVE-2018-19149

< 0.70.0

Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get

6.5MEDIUM

CVE-2018-19060

all versions

An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service,

6.5MEDIUM

CVE-2018-19059

all versions

An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of

6.5MEDIUM

CVE-2018-19058

all versions

An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile:

6.5MEDIUM

CVE-2018-18897

all versions

An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstra

6.5MEDIUM

CVE-2018-16646

all versions

In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker c

6.5MEDIUM

CVE-2018-13988

<= 0.62.0

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memo

6.5MEDIUM

CVE-2017-18267

<= 0.64.0

The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of ser

5.5MEDIUM

CVE-2018-10768

< 0.41.0

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5.

6.5MEDIUM

CVE-2017-1000456

all versions

freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculation

8.8HIGH

CVE-2017-15565

all versions

In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted

8.8HIGH

CVE-2017-14977

all versions

The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to la

7.5HIGH

CVE-2017-14976

all versions

The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an o

7.5HIGH

CVE-2017-14975

all versions

The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a

7.5HIGH

CVE-2017-14929

all versions

In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display

7.5HIGH

CVE-2017-14928

all versions

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF

5.5MEDIUM

CVE-2017-14927

all versions

In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafte

5.5MEDIUM

CVE-2017-14926

all versions

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.

5.5MEDIUM

CVE-2017-14617

all versions

In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack w

7.8HIGH

CVE-2017-14520

all versions

In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attac

7.8HIGH

CVE-2017-14519

all versions

In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::displa

7.5HIGH

CVE-2017-14518

all versions

In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF

7.8HIGH

CVE-2017-14517

all versions

In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.

5.5MEDIUM

CVE-2017-2820

all versions

An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.

8.8HIGH

CVE-2017-2818

all versions

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted P

7.5HIGH

CVE-2017-2814

all versions

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted p

7.5HIGH

CVE-2017-9865

all versions

The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stac

5.5MEDIUM

CVE-2017-9776

<= 0.55.0

Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to

7.8HIGH

CVE-2017-9775

<= 0.55.0

Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (ap

6.5MEDIUM

CVE-2017-7515

<= 0.55.0

poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.

5.5MEDIUM

CVE-2017-9408

all versions

In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to

6.5MEDIUM

CVE-2017-9406

all versions

In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a den

6.5MEDIUM

CVE-2017-7511

all versions

poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.

5.5MEDIUM

CVE-2017-9083

all versions

poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXSt

6.5MEDIUM

CVE-2015-8868

all versions

Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attacke

7.8HIGH

CVE-2010-5110

<= 0.13.2

DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

CVE-2013-4472

<= 0.24.3

The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows

CVE-2013-7296

<= 0.24.3

The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format

CVE-2013-4474

<= 0.24.1

Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers

CVE-2013-4473

<= 0.24.1

Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers

CVE-2013-1790

<= 0.22.0

poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigg

CVE-2013-1789

<= 0.22.0

splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereferenc

CVE-2013-1788

<= 0.22.0

poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code

CVE-2010-3704

all versions

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other vers

CVE-2010-3703

all versions

The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other v

CVE-2010-3702

>= 0.8.7 and <= 0.15.1

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, k

CVE-2009-3938

all versions

Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev.cc in Poppler (aka libpoppler) 0.10.6, 0.12.0, and p

CVE-2009-3605

<= 0.10.5

Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) o

CVE-2009-3609

<= 0.12.0

Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used i

CVE-2009-3608

<= 0.12.0

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as us

CVE-2009-3607

all versions

Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers

CVE-2009-3606

all versions

Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, m

CVE-2009-3604

all versions

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics K

CVE-2009-3603

<= 0.12.0

Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remot

CVE-2009-1188

<= 0.10.5

Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.

CVE-2009-1187

<= 0.10.5

Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (cras

CVE-2009-1183

<= 0.10.5

The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote

CVE-2009-1182

<= 0.10.5

Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and

CVE-2009-1181

<= 0.10.5

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote att

CVE-2009-1180

<= 0.10.5

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote att

CVE-2009-1179

<= 0.10.5

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other produc

CVE-2009-0800

<= 0.10.5

Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6,

CVE-2009-0799

<= 0.10.5

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote att

CVE-2009-0166

<= 0.10.5

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denia

CVE-2009-0756

<= 0.10.3

The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash)

CVE-2009-0755

<= 0.10.3

The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash)

CVE-2008-2950

<= 0.8.4

The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initializ

CVE-2008-1693

<= 0.7.3

The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord,

CVE-2007-3387

< 0.5.91

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf bef

CVE-2005-3626

all versions

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause

CVE-2005-3625

all versions

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause

CVE-2005-3624

all versions

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and