RSS   Vulnerabilities for 'Poppler'   RSS

2019-09-05
 
CVE-2018-21009

CWE-190
 

 
Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.

 
2019-08-01
 
CVE-2019-14494

CWE-369
 

 
An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.

 
2019-07-22
 
CVE-2019-9959

CWE-190
 

 
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.

 
2019-05-23
 
CVE-2019-12293

CWE-125
 

 
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.

 
2019-04-08
 
CVE-2019-11026

CWE-400
 

 
FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.

 
2019-04-05
 
CVE-2019-10873

CWE-476
 

 
An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.

 
 
CVE-2019-10872

 

 
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.

 
 
CVE-2019-10871

CWE-125
 

 
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.

 
2019-03-21
 
CVE-2019-9903

CWE-400
 

 
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.

 
2019-03-08
 
CVE-2019-9631

CWE-125
 

 
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.

 


Copyright 2019, cxsecurity.com

 

Back to Top