MidnightBSD

Advisories for freedesktop

CVE-2007-3387 MEDIUM

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
xpdfreader xpdf 3.02
apple cups *
gpdf_project gpdf *
freedesktop poppler *
debian debian_linux 4.0
canonical ubuntu_linux 7.04
canonical ubuntu_linux 6.06
canonical ubuntu_linux 6.10
debian debian_linux 3.1
CVE-2008-0595 MEDIUM

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 2008.0
freedesktop dbus *
redhat enterprise_linux 5.0
mandrakesoft mandrake_linux 2007
mandrakesoft mandrake_linux 2007.1
mandrakesoft mandrake_linux 2007.0_x86_64
redhat enterprise_linux 5
fedoraproject fedora 7
CVE-2008-1658 MEDIUM

Format string vulnerability in the grant helper (polkit-grant-helper.c) in PolicyKit 0.7 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-134,

Products Affected

Vendor Product Version
freedesktop policykit 0.6
freedesktop policykit *
CVE-2009-1189 LOW

The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freedesktop dbus 1.0.2
freedesktop dbus 0.31
freedesktop dbus 0.61
freedesktop dbus 0.8
freedesktop dbus 0.20
freedesktop dbus 0.62
freedesktop dbus 0.90
freedesktop dbus 0.60
freedesktop dbus 0.92
freedesktop dbus 1.1.20
freedesktop dbus 0.21
freedesktop dbus 0.35.1
freedesktop dbus 0.3
freedesktop dbus 1.1.2
freedesktop dbus 0.34
freedesktop dbus 1.1.4
freedesktop dbus 0.36.2
freedesktop dbus 0.36.1
freedesktop dbus 1.1.0
freedesktop dbus 0.6
freedesktop dbus 0.33
freedesktop dbus *
freedesktop dbus 0.23.2
freedesktop dbus 0.9
freedesktop dbus 0.35.2
freedesktop dbus 0.10
freedesktop dbus 1.1.1
freedesktop dbus 0.1
freedesktop dbus 0.12
freedesktop dbus 0.5
freedesktop dbus 0.91
freedesktop dbus 0.36
freedesktop dbus 0.7
freedesktop dbus 0.23
freedesktop dbus 0.23.3
freedesktop dbus 1.0
freedesktop dbus 1.2.1
freedesktop dbus 0.4
freedesktop dbus 0.35
freedesktop dbus 0.23.1
freedesktop dbus 0.2
freedesktop dbus 0.13
freedesktop dbus 0.11
freedesktop dbus 0.22
freedesktop dbus 0.32
freedesktop dbus 0.50
CVE-2010-0750 LOW

pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
freedesktop policykit 0.96
CVE-2010-1149 LOW

probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a certain file under /dev/.udev/db/.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
freedesktop udisks *
CVE-2010-1172 LOW

DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
freedesktop dbus-glib 0.73
CVE-2010-3702 HIGH

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
fedoraproject fedora 13
canonical ubuntu_linux 10.10
xpdfreader xpdf 3.02
canonical ubuntu_linux 10.04
debian debian_linux 6.0
freedesktop poppler *
canonical ubuntu_linux 9.04
canonical ubuntu_linux 8.04
opensuse opensuse 11.3
xpdfreader xpdf *
apple cups *
fedoraproject fedora 12
canonical ubuntu_linux 6.06
fedoraproject fedora 14
redhat enterprise_linux_desktop 5.0
suse linux_enterprise_server 10
debian debian_linux 5.0
suse linux_enterprise_server 9
redhat enterprise_linux_server 5.0
suse linux_enterprise_server 11
canonical ubuntu_linux 9.10
opensuse opensuse 11.2
opensuse opensuse 11.1
redhat enterprise_linux_workstation 5.0
CVE-2010-4653 MEDIUM

An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
freedesktop poppler *
debian debian_linux 10.0
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2011-1000 MEDIUM

jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freedesktop telepathy_gabble 0.8.6
freedesktop telepathy_gabble 0.8.12
freedesktop telepathy_gabble 0.10.3
freedesktop telepathy_gabble 0.8.11
freedesktop telepathy_gabble 0.11.5
freedesktop telepathy_gabble 0.10.1
freedesktop telepathy_gabble 0.10.2
freedesktop telepathy_gabble 0.8
freedesktop telepathy_gabble 0.11.6
freedesktop telepathy_gabble 0.10
freedesktop telepathy_gabble 0.11.1
freedesktop telepathy_gabble 0.8.8
freedesktop telepathy_gabble 0.11.3
freedesktop telepathy_gabble 0.8.10
freedesktop telepathy_gabble 0.8.3
freedesktop telepathy_gabble 0.8.13
freedesktop telepathy_gabble 0.8.5
freedesktop telepathy_gabble 0.8.14
freedesktop telepathy_gabble 0.10.4
freedesktop telepathy_gabble 0.8.7
freedesktop telepathy_gabble 0.11.2
freedesktop telepathy_gabble 0.8.1
freedesktop telepathy_gabble 0.8.2
freedesktop telepathy_gabble 0.8.9
freedesktop telepathy_gabble 0.8.4
freedesktop telepathy_gabble 0.11
freedesktop telepathy_gabble 0.11.4
CVE-2011-2200 MEDIUM

The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freedesktop dbus 1.5.2
freedesktop dbus 1.2.2
freedesktop dbus 1.2.20
freedesktop dbus 1.2.10
freedesktop dbus 1.4.6
freedesktop dbus 1.2.3
freedesktop dbus 1.4.8
freedesktop dbus 1.2.12
freedesktop dbus 1.2.8
freedesktop dbus 1.2.18
freedesktop dbus 1.2.22
freedesktop dbus 1.5.0
d-bus_project d-bus 1.2.4.4
freedesktop dbus 1.2.4
d-bus_project d-bus 1.2.4.6
freedesktop dbus 1.4.1
freedesktop dbus 1.4.4
freedesktop dbus 1.2.14
freedesktop dbus 1.2.24
freedesktop dbus 1.2.26
freedesktop dbus 1.2.6
freedesktop dbus 1.2.16
freedesktop dbus 1.2.1
freedesktop dbus 1.4.0
d-bus_project d-bus 1.2.4.2
freedesktop dbus 1.4.10
CVE-2011-2533 LOW

The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
freedesktop dbus 1.2.20
freedesktop dbus 1.2.10
freedesktop dbus 1.2.14
freedesktop dbus 1.2.3
freedesktop dbus 1.2.12
freedesktop dbus 1.2.24
freedesktop dbus 1.2.26
freedesktop dbus 1.2.8
freedesktop dbus 1.2.18
freedesktop dbus 1.2.6
freedesktop dbus 1.2.22
freedesktop dbus 1.2.16
freedesktop dbus 1.2.1
freedesktop dbus 1.2.4
CVE-2011-4349 MEDIUM

Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
freedesktop colord *
freedesktop colord 0.1.8
freedesktop colord 0.1.12
freedesktop colord 0.1.1
freedesktop colord 0.1.11
freedesktop colord 0.1.10
freedesktop colord 0.1.2
freedesktop colord 0.1.3
freedesktop colord 0.1.9
freedesktop colord 0.1.13
freedesktop colord 0.1.7
freedesktop colord 0.1.6
freedesktop colord 0.1.5
freedesktop colord 0.1.4
freedesktop colord 0.1.0
CVE-2012-3524 MEDIUM

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
freedesktop libdbus 1.5.4
freedesktop libdbus 1.5.10
freedesktop libdbus 1.5.0
freedesktop libdbus 1.5.8
freedesktop libdbus 1.5.2
freedesktop libdbus 1.5.6
freedesktop libdbus *
CVE-2012-4425 MEDIUM

libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
freedesktop spice-gtk -
gtk libgio -
CVE-2013-0292 HIGH

The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freedesktop dbus-glib 0.90
freedesktop dbus-glib 0.94
freedesktop dbus-glib 0.74
freedesktop dbus-glib 0.92
freedesktop dbus-glib *
freedesktop dbus-glib 0.86
freedesktop dbus-glib 0.88
freedesktop dbus-glib 0.84
freedesktop dbus-glib 0.96
freedesktop dbus-glib 0.72
freedesktop dbus-glib 0.73
freedesktop dbus-glib 0.76
freedesktop dbus-glib 0.82
freedesktop dbus-glib 0.80
freedesktop dbus-glib 0.78
freedesktop dbus-glib 0.98
CVE-2013-1788 MEDIUM

poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freedesktop poppler *
CVE-2013-1789 MEDIUM

splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freedesktop poppler *
CVE-2013-1790 MEDIUM

poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freedesktop poppler *
CVE-2013-2168 LOW

The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freedesktop dbus 1.4.4
freedesktop dbus 1.7.0
freedesktop dbus 1.4.12
freedesktop dbus 1.6.6
freedesktop dbus 1.4.6
freedesktop dbus 1.4.8
freedesktop dbus 1.4.24
freedesktop dbus 1.6.2
freedesktop dbus 1.4.20
freedesktop dbus 1.6.10
freedesktop dbus 1.4.18
freedesktop dbus 1.7.2
freedesktop dbus 1.6.4
freedesktop dbus 1.6.0
opensuse opensuse 12.3
freedesktop dbus 1.4.0
freedesktop dbus 1.4.10
freedesktop dbus 1.6.8
freedesktop dbus 1.6.16
freedesktop dbus 1.4.1
freedesktop dbus 1.4.14
freedesktop dbus 1.4.16
CVE-2013-4472 LOW

The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
freedesktop poppler 0.24.1
freedesktop poppler *
freedesktop poppler 0.24.2
freedesktop poppler 0.24.0
CVE-2013-4473 HIGH

Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freedesktop poppler 0.8.4
freedesktop poppler 0.3.3
freedesktop poppler 0.8.2
freedesktop poppler 0.20.5
freedesktop poppler 0.18.0
freedesktop poppler 0.12.1
freedesktop poppler 0.4.4
freedesktop poppler 0.22.0
freedesktop poppler 0.20.0
freedesktop poppler 0.19.0
freedesktop poppler 0.13.2
freedesktop poppler 0.21.4
freedesktop poppler 0.22.2
freedesktop poppler 0.15.0
freedesktop poppler 0.11.1
freedesktop poppler 0.20.1
freedesktop poppler 0.23.4
freedesktop poppler 0.10.7
freedesktop poppler 0.12.0
freedesktop poppler 0.15.1
freedesktop poppler 0.3.2
freedesktop poppler 0.21.1
freedesktop poppler 0.5.2
freedesktop poppler 0.8.5
freedesktop poppler 0.6.1
freedesktop poppler 0.1.1
freedesktop poppler 0.18.4
freedesktop poppler 0.16.5
freedesktop poppler 0.5.91
freedesktop poppler 0.20.3
freedesktop poppler 0.16.6
freedesktop poppler 0.23.0
freedesktop poppler 0.12.2
freedesktop poppler 0.7.1
freedesktop poppler 0.6.0
freedesktop poppler 0.7.3
freedesktop poppler 0.11.3
freedesktop poppler *
freedesktop poppler 0.19.2
freedesktop poppler 0.10.4
freedesktop poppler 0.15.3
freedesktop poppler 0.12.4
freedesktop poppler 0.17.0
freedesktop poppler 0.23.2
freedesktop poppler 0.20.2
freedesktop poppler 0.17.4
freedesktop poppler 0.16.1
freedesktop poppler 0.14.3
freedesktop poppler 0.21.0
freedesktop poppler 0.24.0
freedesktop poppler 0.21.3
freedesktop poppler 0.3.1
freedesktop poppler 0.9.3
freedesktop poppler 0.10.5
freedesktop poppler 0.19.3
freedesktop poppler 0.20.4
freedesktop poppler 0.13.4
freedesktop poppler 0.4.0
freedesktop poppler 0.21.2
freedesktop poppler 0.1
freedesktop poppler 0.14.1
freedesktop poppler 0.16.7
freedesktop poppler 0.10.0
freedesktop poppler 0.8.0
freedesktop poppler 0.16.2
freedesktop poppler 0.2.0
freedesktop poppler 0.17.2
freedesktop poppler 0.8.3
freedesktop poppler 0.5.4
freedesktop poppler 0.5.1
canonical ubuntu_linux 14.04
freedesktop poppler 0.12.3
freedesktop poppler 0.10.6
freedesktop poppler 0.22.1
freedesktop poppler 0.5.9
freedesktop poppler 0.3.0
freedesktop poppler 0.14.2
canonical ubuntu_linux 12.04
freedesktop poppler 0.18.3
freedesktop poppler 0.22.3
freedesktop poppler 0.18.2
freedesktop poppler 0.5.0
freedesktop poppler 0.4.3
freedesktop poppler 0.10.1
freedesktop poppler 0.23.1
freedesktop poppler 0.22.4
freedesktop poppler 0.23.3
freedesktop poppler 0.19.4
freedesktop poppler 0.16.4
freedesktop poppler 0.5.90
freedesktop poppler 0.15.2
canonical ubuntu_linux 15.10
freedesktop poppler 0.14.4
freedesktop poppler 0.18.1
freedesktop poppler 0.1.2
freedesktop poppler 0.13.1
freedesktop poppler 0.7.2
freedesktop poppler 0.6.3
freedesktop poppler 0.4.2
freedesktop poppler 0.5.3
freedesktop poppler 0.4.1
freedesktop poppler 0.16.3
freedesktop poppler 0.16.0
freedesktop poppler 0.10.3
freedesktop poppler 0.10.2
freedesktop poppler 0.11.0
freedesktop poppler 0.19.1
freedesktop poppler 0.9.2
freedesktop poppler 0.8.7
freedesktop poppler 0.6.2
freedesktop poppler 0.8.6
freedesktop poppler 0.11.2
freedesktop poppler 0.13.3
freedesktop poppler 0.8.1
freedesktop poppler 0.6.4
freedesktop poppler 0.9.0
freedesktop poppler 0.13.0
freedesktop poppler 0.14.5
freedesktop poppler 0.17.3
freedesktop poppler 0.9.1
freedesktop poppler 0.7.0
freedesktop poppler 0.17.1
freedesktop poppler 0.14.0
CVE-2013-4474 MEDIUM

Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freedesktop poppler 0.8.4
freedesktop poppler 0.3.3
freedesktop poppler 0.8.2
freedesktop poppler 0.20.5
freedesktop poppler 0.18.0
freedesktop poppler 0.12.1
freedesktop poppler 0.4.4
freedesktop poppler 0.22.0
freedesktop poppler 0.20.0
freedesktop poppler 0.19.0
freedesktop poppler 0.13.2
freedesktop poppler 0.21.4
freedesktop poppler 0.22.2
freedesktop poppler 0.15.0
freedesktop poppler 0.11.1
freedesktop poppler 0.20.1
freedesktop poppler 0.23.4
freedesktop poppler 0.10.7
freedesktop poppler 0.12.0
freedesktop poppler 0.15.1
freedesktop poppler 0.3.2
freedesktop poppler 0.21.1
freedesktop poppler 0.5.2
freedesktop poppler 0.8.5
freedesktop poppler 0.6.1
freedesktop poppler 0.1.1
freedesktop poppler 0.18.4
freedesktop poppler 0.16.5
freedesktop poppler 0.5.91
freedesktop poppler 0.20.3
freedesktop poppler 0.16.6
freedesktop poppler 0.23.0
freedesktop poppler 0.12.2
freedesktop poppler 0.7.1
freedesktop poppler 0.6.0
freedesktop poppler 0.7.3
freedesktop poppler 0.11.3
freedesktop poppler *
freedesktop poppler 0.19.2
freedesktop poppler 0.10.4
freedesktop poppler 0.15.3
freedesktop poppler 0.12.4
freedesktop poppler 0.17.0
freedesktop poppler 0.23.2
freedesktop poppler 0.20.2
freedesktop poppler 0.17.4
freedesktop poppler 0.16.1
freedesktop poppler 0.14.3
freedesktop poppler 0.21.0
freedesktop poppler 0.24.0
freedesktop poppler 0.21.3
freedesktop poppler 0.3.1
freedesktop poppler 0.9.3
freedesktop poppler 0.10.5
freedesktop poppler 0.19.3
freedesktop poppler 0.20.4
freedesktop poppler 0.13.4
freedesktop poppler 0.4.0
freedesktop poppler 0.21.2
freedesktop poppler 0.1
freedesktop poppler 0.14.1
freedesktop poppler 0.16.7
freedesktop poppler 0.10.0
freedesktop poppler 0.8.0
freedesktop poppler 0.16.2
freedesktop poppler 0.2.0
freedesktop poppler 0.17.2
freedesktop poppler 0.8.3
freedesktop poppler 0.5.4
freedesktop poppler 0.5.1
canonical ubuntu_linux 14.04
freedesktop poppler 0.12.3
freedesktop poppler 0.10.6
freedesktop poppler 0.22.1
freedesktop poppler 0.5.9
freedesktop poppler 0.3.0
freedesktop poppler 0.14.2
canonical ubuntu_linux 12.04
freedesktop poppler 0.18.3
freedesktop poppler 0.22.3
freedesktop poppler 0.18.2
freedesktop poppler 0.5.0
freedesktop poppler 0.4.3
freedesktop poppler 0.10.1
freedesktop poppler 0.23.1
freedesktop poppler 0.22.4
freedesktop poppler 0.23.3
freedesktop poppler 0.19.4
freedesktop poppler 0.16.4
freedesktop poppler 0.5.90
freedesktop poppler 0.15.2
canonical ubuntu_linux 15.10
freedesktop poppler 0.14.4
freedesktop poppler 0.18.1
freedesktop poppler 0.1.2
freedesktop poppler 0.13.1
freedesktop poppler 0.7.2
freedesktop poppler 0.6.3
freedesktop poppler 0.4.2
freedesktop poppler 0.5.3
freedesktop poppler 0.4.1
freedesktop poppler 0.16.3
freedesktop poppler 0.16.0
freedesktop poppler 0.10.3
freedesktop poppler 0.10.2
freedesktop poppler 0.11.0
freedesktop poppler 0.19.1
freedesktop poppler 0.9.2
freedesktop poppler 0.8.7
freedesktop poppler 0.6.2
freedesktop poppler 0.8.6
freedesktop poppler 0.11.2
freedesktop poppler 0.13.3
freedesktop poppler 0.8.1
freedesktop poppler 0.6.4
freedesktop poppler 0.9.0
freedesktop poppler 0.13.0
freedesktop poppler 0.14.5
freedesktop poppler 0.17.3
freedesktop poppler 0.9.1
freedesktop poppler 0.7.0
freedesktop poppler 0.17.1
freedesktop poppler 0.14.0
CVE-2013-7296 MEDIUM

The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freedesktop poppler 0.14.1
freedesktop poppler 0.16.7
freedesktop poppler 0.10.0
freedesktop poppler 0.16.2
freedesktop poppler 0.2.0
freedesktop poppler 0.17.2
freedesktop poppler 0.20.5
freedesktop poppler 0.18.0
freedesktop poppler 0.12.1
freedesktop poppler 0.12.3
freedesktop poppler 0.10.6
freedesktop poppler 0.22.0
freedesktop poppler 0.22.1
freedesktop poppler 0.20.0
freedesktop poppler 0.19.0
freedesktop poppler 0.13.2
freedesktop poppler 0.21.4
freedesktop poppler 0.22.2
freedesktop poppler 0.15.0
freedesktop poppler 0.11.1
freedesktop poppler 0.14.2
freedesktop poppler 0.20.1
freedesktop poppler 0.23.4
freedesktop poppler 0.18.3
freedesktop poppler 0.22.3
freedesktop poppler 0.18.2
freedesktop poppler 0.10.7
freedesktop poppler 0.10.1
freedesktop poppler 0.12.0
freedesktop poppler 0.15.1
freedesktop poppler 0.23.1
freedesktop poppler 0.22.4
freedesktop poppler 0.23.3
freedesktop poppler 0.19.4
freedesktop poppler 0.16.4
freedesktop poppler 0.21.1
freedesktop poppler 0.15.2
freedesktop poppler 0.1.1
freedesktop poppler 0.18.4
freedesktop poppler 0.16.5
freedesktop poppler 0.20.3
freedesktop poppler 0.14.4
freedesktop poppler 0.18.1
freedesktop poppler 0.1.2
freedesktop poppler 0.16.6
freedesktop poppler 0.23.0
freedesktop poppler 0.24.1
freedesktop poppler 0.12.2
freedesktop poppler 0.13.1
freedesktop poppler 0.11.3
freedesktop poppler *
freedesktop poppler 0.19.2
freedesktop poppler 0.10.4
freedesktop poppler 0.15.3
freedesktop poppler 0.12.4
freedesktop poppler 0.16.3
freedesktop poppler 0.16.0
freedesktop poppler 0.17.0
freedesktop poppler 0.23.2
freedesktop poppler 0.10.3
freedesktop poppler 0.20.2
freedesktop poppler 0.10.2
freedesktop poppler 0.11.0
freedesktop poppler 0.17.4
freedesktop poppler 0.19.1
freedesktop poppler 0.16.1
freedesktop poppler 0.14.3
freedesktop poppler 0.21.0
freedesktop poppler 0.24.0
freedesktop poppler 0.21.3
freedesktop poppler 0.11.2
freedesktop poppler 0.10.5
freedesktop poppler 0.13.3
freedesktop poppler 0.19.3
freedesktop poppler 0.13.0
freedesktop poppler 0.24.2
freedesktop poppler 0.14.5
freedesktop poppler 0.17.3
freedesktop poppler 0.20.4
freedesktop poppler 0.13.4
freedesktop poppler 0.21.2
freedesktop poppler 0.1
freedesktop poppler 0.17.1
freedesktop poppler 0.14.0
CVE-2014-0004 MEDIUM

Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.10
canonical ubuntu_linux 13.10
freedesktop udisks *
freedesktop udisks 1.0.1
freedesktop udisks 2.0.90
freedesktop udisks 2.0.92
freedesktop udisks 2.1.2
canonical ubuntu_linux 12.04
freedesktop udisks 2.0.0
freedesktop udisks 2.0.91
freedesktop udisks 2.1.1
freedesktop udisks 1.0
freedesktop udisks 2.1.0
freedesktop udisks 2.0.1
CVE-2014-3477 LOW

The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
freedesktop dbus 1.4.22
freedesktop dbus 1.2.20
freedesktop dbus 1.2.10
freedesktop dbus 1.6.6
freedesktop dbus 1.4.6
freedesktop dbus 1.6.14
freedesktop dbus 1.8.0
freedesktop dbus 1.2.3
freedesktop dbus 1.4.8
freedesktop dbus 1.2.12
freedesktop dbus 1.2.8
freedesktop dbus 1.2.18
freedesktop dbus 1.2.22
freedesktop dbus 1.6.2
freedesktop dbus 1.4.20
d-bus_project d-bus 1.2.4.4
freedesktop dbus 1.6.18
freedesktop dbus 1.6.4
freedesktop dbus 1.2.4
d-bus_project d-bus 1.2.4.6
freedesktop dbus 1.6.16
freedesktop dbus 1.4.1
freedesktop dbus 1.4.4
freedesktop dbus 1.3.0
freedesktop dbus 1.4.12
freedesktop dbus 1.2.14
freedesktop dbus 1.6.12
freedesktop dbus 1.2.24
freedesktop dbus 1.2.26
freedesktop dbus 1.3.1
freedesktop dbus 1.4.26
freedesktop dbus 1.4.24
freedesktop dbus 1.2.28
freedesktop dbus 1.2.6
freedesktop dbus 1.6.10
freedesktop dbus 1.2.16
freedesktop dbus 1.2.1
freedesktop dbus 1.4.18
freedesktop dbus 1.2.30
freedesktop dbus 1.6.0
freedesktop dbus 1.4.0
freedesktop dbus 1.8.2
d-bus_project d-bus 1.2.4.2
freedesktop dbus 1.4.10
freedesktop dbus 1.6.8
freedesktop dbus 1.4.14
freedesktop dbus 1.4.16
CVE-2014-3532 LOW

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freedesktop dbus *
mageia mageia 3.0
debian debian_linux 7.0
opensuse opensuse 12.3
mageia mageia 4.0
oracle solaris 11.3
CVE-2014-3533 LOW

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freedesktop dbus 1.5.2
freedesktop dbus 1.4.22
debian debian_linux 7.0
freedesktop dbus 1.5.10
freedesktop dbus 1.4.6
freedesktop dbus 1.6.14
freedesktop dbus 1.8.0
freedesktop dbus 1.4.8
freedesktop dbus 1.6.20
freedesktop dbus 1.6.2
freedesktop dbus 1.4.20
freedesktop dbus 1.5.0
freedesktop dbus 1.6.18
mageia_project mageia 3
opensuse opensuse 12.3
freedesktop dbus 1.5.6
freedesktop dbus 1.6.16
freedesktop dbus 1.4.1
freedesktop dbus 1.5.8
freedesktop dbus 1.4.4
freedesktop dbus 1.3.0
freedesktop dbus 1.4.12
freedesktop dbus 1.5.12
freedesktop dbus 1.8.4
freedesktop dbus 1.6.12
freedesktop dbus 1.3.1
freedesktop dbus 1.4.26
freedesktop dbus 1.4.24
freedesktop dbus 1.6.10
mageia_project mageia 4
freedesktop dbus 1.4.18
freedesktop dbus 1.6.0
freedesktop dbus 1.5.4
freedesktop dbus 1.4.0
freedesktop dbus 1.8.2
freedesktop dbus 1.4.10
freedesktop dbus 1.4.14
freedesktop dbus 1.4.16
CVE-2014-3635 MEDIUM

Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freedesktop dbus 1.6.6
freedesktop dbus 1.6.14
freedesktop dbus 1.8.0
freedesktop dbus 1.8.4
freedesktop dbus 1.6.12
freedesktop dbus 1.6.20
freedesktop dbus 1.6.2
freedesktop dbus 1.6.10
freedesktop dbus 1.6.18
freedesktop dbus 1.8.6
freedesktop dbus 1.6.4
freedesktop dbus 1.6.0
opensuse opensuse 12.3
freedesktop dbus 1.8.2
d-bus_project d-bus *
freedesktop dbus 1.6.8
freedesktop dbus 1.6.16
CVE-2014-3636 LOW

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.

CVSS 2.0

Severity: LOW

Problem Type: CWE-399,

Products Affected

Vendor Product Version
freedesktop dbus 1.8.6
freedesktop dbus 1.8.0
opensuse opensuse 12.3
freedesktop dbus 1.8.4
freedesktop dbus 1.8.2
d-bus_project d-bus *
CVE-2014-3637 LOW

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.

CVSS 2.0

Severity: LOW

Problem Type: CWE-17,

Products Affected

Vendor Product Version
freedesktop dbus 1.5.2
freedesktop dbus 1.4.22
freedesktop dbus 1.6.6
freedesktop dbus 1.5.10
freedesktop dbus 1.4.6
freedesktop dbus 1.6.14
freedesktop dbus 1.8.0
freedesktop dbus 1.4.8
freedesktop dbus 1.6.20
freedesktop dbus 1.6.2
freedesktop dbus 1.4.20
freedesktop dbus 1.5.0
freedesktop dbus 1.6.18
freedesktop dbus 1.8.6
freedesktop dbus 1.6.4
opensuse opensuse 12.3
freedesktop dbus 1.5.6
freedesktop dbus 1.6.16
freedesktop dbus 1.4.1
freedesktop dbus 1.5.8
freedesktop dbus 1.4.4
freedesktop dbus 1.3.0
freedesktop dbus 1.4.12
freedesktop dbus 1.5.12
freedesktop dbus 1.8.4
freedesktop dbus 1.6.12
freedesktop dbus 1.3.1
freedesktop dbus 1.4.26
freedesktop dbus 1.4.24
freedesktop dbus 1.6.10
freedesktop dbus 1.4.18
freedesktop dbus 1.6.0
freedesktop dbus 1.5.4
freedesktop dbus 1.4.0
freedesktop dbus 1.8.2
freedesktop dbus 1.6.22
freedesktop dbus 1.4.10
freedesktop dbus 1.6.8
freedesktop dbus 1.4.14
freedesktop dbus 1.4.16
CVE-2014-3638 LOW

The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.

CVSS 2.0

Severity: LOW

Problem Type: CWE-399,

Products Affected

Vendor Product Version
freedesktop dbus 1.6.6
freedesktop dbus 1.6.14
freedesktop dbus 1.8.0
freedesktop dbus 1.8.4
freedesktop dbus 1.6.12
freedesktop dbus 1.6.20
freedesktop dbus 1.6.2
freedesktop dbus 1.6.10
freedesktop dbus 1.6.18
freedesktop dbus 1.8.6
freedesktop dbus 1.6.4
freedesktop dbus 1.6.0
opensuse opensuse 12.3
freedesktop dbus 1.8.2
d-bus_project d-bus *
freedesktop dbus 1.6.8
freedesktop dbus 1.6.16
CVE-2014-3639 LOW

The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.

CVSS 2.0

Severity: LOW

Problem Type: CWE-399,

Products Affected

Vendor Product Version
freedesktop dbus 1.6.6
freedesktop dbus 1.6.14
freedesktop dbus 1.8.0
freedesktop dbus 1.8.4
freedesktop dbus 1.6.12
freedesktop dbus 1.6.20
freedesktop dbus 1.6.2
freedesktop dbus 1.6.10
freedesktop dbus 1.6.18
freedesktop dbus 1.8.6
freedesktop dbus 1.6.4
freedesktop dbus 1.6.0
opensuse opensuse 12.3
freedesktop dbus 1.8.2
d-bus_project d-bus *
freedesktop dbus 1.6.8
freedesktop dbus 1.6.16
CVE-2014-7824 LOW

D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.

CVSS 2.0

Severity: LOW

Problem Type: CWE-399,

Products Affected

Vendor Product Version
debian debian_linux 7.0
freedesktop dbus 1.6.6
freedesktop dbus 1.6.14
freedesktop dbus 1.8.0
freedesktop dbus 1.6.24
canonical ubuntu_linux 14.10
freedesktop dbus 1.6.20
freedesktop dbus 1.6.2
canonical ubuntu_linux 14.04
freedesktop dbus 1.6.18
freedesktop dbus 1.8.6
freedesktop dbus 1.6.4
mageia_project mageia 3
freedesktop dbus 1.6.16
freedesktop dbus 1.8.4
freedesktop dbus 1.6.12
canonical ubuntu_linux 12.04
freedesktop dbus 1.6.10
mageia_project mageia 4
freedesktop dbus 1.8.8
freedesktop dbus 1.6.0
freedesktop dbus 1.8.2
freedesktop dbus 1.6.22
freedesktop dbus 1.9.0
debian debian_linux 8.0
freedesktop dbus 1.6.8
CVE-2015-0245 LOW

D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.

CVSS 2.0

Severity: LOW

Problem Type: CWE-362,

Products Affected

Vendor Product Version
opensuse opensuse 13.1
freedesktop dbus 1.4.6
freedesktop dbus 1.8.0
freedesktop dbus 1.9.8
freedesktop dbus 1.4.8
freedesktop dbus 1.6.20
freedesktop dbus 1.4.20
freedesktop dbus 1.5.0
freedesktop dbus 1.6.4
freedesktop dbus 1.8.12
freedesktop dbus 1.5.6
freedesktop dbus 1.4.4
freedesktop dbus 1.4.12
opensuse opensuse 13.2
freedesktop dbus 1.6.12
freedesktop dbus 1.4.24
freedesktop dbus 1.6.10
freedesktop dbus 1.4.18
freedesktop dbus 1.8.8
freedesktop dbus 1.9.0
freedesktop dbus 1.4.10
freedesktop dbus 1.4.16
freedesktop dbus 1.5.2
freedesktop dbus 1.6.6
freedesktop dbus 1.5.10
freedesktop dbus 1.6.14
freedesktop dbus 1.6.28
freedesktop dbus 1.6.24
freedesktop dbus 1.9.6
freedesktop dbus 1.8.10
freedesktop dbus 1.6.2
freedesktop dbus 1.6.18
freedesktop dbus 1.8.6
freedesktop dbus 1.9.4
freedesktop dbus 1.6.16
freedesktop dbus 1.4.1
freedesktop dbus 1.5.8
freedesktop dbus 1.9.2
freedesktop dbus 1.5.12
freedesktop dbus 1.6.26
freedesktop dbus 1.8.4
freedesktop dbus 1.4.26
freedesktop dbus 1.8.14
freedesktop dbus 1.6.0
freedesktop dbus 1.5.4
freedesktop dbus 1.4.0
freedesktop dbus 1.8.2
freedesktop dbus 1.6.22
freedesktop dbus 1.6.8
freedesktop dbus 1.4.14
CVE-2015-1877 MEDIUM

The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
debian debian_linux 7.0
freedesktop xdg-utils 1.1.0
debian debian_linux 8.0
CVE-2015-8868 HIGH

Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 15.10
debian debian_linux 8.0
fedoraproject fedora 23
freedesktop poppler 0.39.0
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
CVE-2016-2090 HIGH

Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
fedoraproject fedora 24
canonical ubuntu_linux 18.04
freedesktop libbsd *
canonical ubuntu_linux 19.04
fedoraproject fedora 25
debian debian_linux 8.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
CVE-2016-2568 MEDIUM

pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.1 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-116,

Products Affected

Vendor Product Version
redhat enterprise_linux 6.0
freedesktop polkit *
redhat enterprise_linux 7.0
CVE-2017-1000456 MEDIUM

freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
debian debian_linux 7.0
freedesktop poppler 0.60.1
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2017-14517 MEDIUM

In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
freedesktop poppler 0.59.0
CVE-2017-14518 MEDIUM

In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freedesktop poppler 0.59.0
CVE-2017-14519 MEDIUM

In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
freedesktop poppler 0.59.0
CVE-2017-14520 MEDIUM

In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freedesktop poppler 0.59.0
CVE-2017-14617 MEDIUM

In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freedesktop poppler 0.59.0
CVE-2017-14926 MEDIUM

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
freedesktop poppler 0.59.0
debian debian_linux 9.0
CVE-2017-14927 MEDIUM

In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
freedesktop poppler 0.59.0
CVE-2017-14928 MEDIUM

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
freedesktop poppler 0.59.0
debian debian_linux 9.0
CVE-2017-14929 MEDIUM

In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
freedesktop poppler 0.59.0
CVE-2017-14975 MEDIUM

The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
debian debian_linux 7.0
freedesktop poppler 0.59.0
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2017-14976 MEDIUM

The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 7.0
freedesktop poppler 0.59.0
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2017-14977 MEDIUM

The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
debian debian_linux 7.0
freedesktop poppler 0.59.0
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2017-15131 MEDIUM

It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-276,

Products Affected

Vendor Product Version
redhat enterprise_linux 7.0
freedesktop xdg-user-dirs *
CVE-2017-15565 MEDIUM

In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
debian debian_linux 7.0
freedesktop poppler 0.59.0
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2017-18266 MEDIUM

The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.10
freedesktop xdg-utils *
debian debian_linux 7.0
canonical ubuntu_linux 18.04
debian debian_linux 8.0
canonical ubuntu_linux 16.04
debian debian_linux 9.0
canonical ubuntu_linux 14.04
CVE-2017-18267 MEDIUM

The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.10
redhat ansible_tower 3.3
canonical ubuntu_linux 18.04
freedesktop poppler *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_desktop 7.0
debian debian_linux 8.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
CVE-2017-2626 LOW

It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

CVSS 2.0

Severity: LOW

Problem Type: CWE-331,CWE-331,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server 7.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.5
freedesktop libice *
CVE-2017-2814 MEDIUM

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freedesktop poppler 0.53.0
CVE-2017-2818 MEDIUM

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freedesktop poppler 0.53.0
CVE-2017-2820 MEDIUM

An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
freedesktop poppler 0.53.0
CVE-2017-6355 LOW

Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length and offlen values, which trigger an out-of-bounds access.

CVSS 2.0

Severity: LOW

Problem Type: CWE-190,

Products Affected

Vendor Product Version
freedesktop virglrenderer *
CVE-2017-7511 MEDIUM

poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
freedesktop poppler 0.20.5
freedesktop poppler 0.18.0
freedesktop poppler 0.29.0
freedesktop poppler 0.42.0
freedesktop poppler 0.22.0
freedesktop poppler 0.22.1
freedesktop poppler 0.20.0
freedesktop poppler 0.19.0
freedesktop poppler 0.21.4
freedesktop poppler 0.22.2
freedesktop poppler 0.31.0
freedesktop poppler 0.33.0
freedesktop poppler 0.54.0
freedesktop poppler 0.45.0
freedesktop poppler 0.20.1
freedesktop poppler 0.23.4
freedesktop poppler 0.25.1
freedesktop poppler 0.39.0
freedesktop poppler 0.43.0
freedesktop poppler 0.26.5
freedesktop poppler 0.18.3
freedesktop poppler 0.22.3
freedesktop poppler 0.26.3
freedesktop poppler 0.53.0
freedesktop poppler 0.18.2
freedesktop poppler 0.52.0
freedesktop poppler 0.23.1
freedesktop poppler 0.22.4
freedesktop poppler 0.23.3
freedesktop poppler 0.19.4
freedesktop poppler 0.50.0
freedesktop poppler 0.24.4
freedesktop poppler 0.21.1
freedesktop poppler 0.26.4
freedesktop poppler 0.37.0
freedesktop poppler 0.55.0
freedesktop poppler 0.30.0
freedesktop poppler 0.18.4
freedesktop poppler 0.47.0
freedesktop poppler 0.25.0
freedesktop poppler 0.44.0
freedesktop poppler 0.20.3
freedesktop poppler 0.49.0
freedesktop poppler 0.26.2
freedesktop poppler 0.18.1
freedesktop poppler 0.23.0
freedesktop poppler 0.46.0
freedesktop poppler 0.24.1
freedesktop poppler 0.25.3
freedesktop poppler 0.38.0
freedesktop poppler 0.22.5
freedesktop poppler 0.28.1
freedesktop poppler 0.26.1
freedesktop poppler 0.28.0
freedesktop poppler 0.19.2
freedesktop poppler 0.36.0
freedesktop poppler 0.24.3
freedesktop poppler 0.23.2
freedesktop poppler 0.20.2
freedesktop poppler 0.35.0
freedesktop poppler 0.17.4
freedesktop poppler 0.19.1
freedesktop poppler 0.21.0
freedesktop poppler 0.24.0
freedesktop poppler 0.21.3
freedesktop poppler 0.41.0
freedesktop poppler 0.32.0
freedesktop poppler 0.19.3
freedesktop poppler 0.25.2
freedesktop poppler 0.24.2
freedesktop poppler 0.17.3
freedesktop poppler 0.20.4
freedesktop poppler 0.26.0
freedesktop poppler 0.21.2
freedesktop poppler 0.48.0
freedesktop poppler 0.34.0
freedesktop poppler 0.40.0
freedesktop poppler 0.24.5
freedesktop poppler 0.51.0
CVE-2017-7515 MEDIUM

poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,CWE-674,

Products Affected

Vendor Product Version
freedesktop poppler *
CVE-2017-9083 MEDIUM

poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
freedesktop poppler 0.54.0
CVE-2017-9406 MEDIUM

In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
freedesktop poppler 0.54.0
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2017-9408 MEDIUM

In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
freedesktop poppler 0.54.0
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2017-9775 MEDIUM

Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_aus 7.4
freedesktop poppler *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_eus 7.4
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.5
CVE-2017-9776 MEDIUM

Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_aus 7.4
freedesktop poppler *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_eus 7.4
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.5
CVE-2017-9865 MEDIUM

The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
freedesktop poppler 0.54.0
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2018-10768 MEDIUM

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
redhat ansible_tower 3.3
freedesktop poppler *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_desktop 7.0
debian debian_linux 8.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 14.04
CVE-2018-13988 MEDIUM

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
freedesktop poppler *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_desktop 7.0
debian debian_linux 8.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 16.04
redhat openshift_container_platform 3.11
canonical ubuntu_linux 14.04
redhat ansible_tower 3.3.0
CVE-2018-14036 MEDIUM

Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
freedesktop accountsservice *
CVE-2018-16646 MEDIUM

In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
debian debian_linux 8.0
canonical ubuntu_linux 16.04
freedesktop poppler 0.68.0
canonical ubuntu_linux 14.04
CVE-2018-17336 MEDIUM

UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-134,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
freedesktop udisks 2.8.0
CVE-2018-18897 MEDIUM

An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
redhat enterprise_linux 8.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_eus 8.4
freedesktop poppler 0.71.0
redhat enterprise_linux_eus 8.1
canonical ubuntu_linux 19.04
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server 7.0
debian debian_linux 10.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_tus 8.2
CVE-2018-19058 MEDIUM

An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-670,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.10
freedesktop poppler 0.71.0
canonical ubuntu_linux 18.04
redhat enterprise_linux_server 7.0
debian debian_linux 10.0
redhat enterprise_linux_desktop 7.0
debian debian_linux 8.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 16.04
debian debian_linux 9.0
canonical ubuntu_linux 14.04
CVE-2018-19059 MEDIUM

An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.10
freedesktop poppler 0.71.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
CVE-2018-19060 MEDIUM

An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.10
freedesktop poppler 0.71.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
CVE-2018-19149 MEDIUM

Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
freedesktop poppler *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
CVE-2018-20481 MEDIUM

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.10
freedesktop poppler 0.72.0
canonical ubuntu_linux 18.04
debian debian_linux 8.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
CVE-2018-20551 MEDIUM

A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.10
freedesktop poppler 0.72.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
CVE-2018-20650 MEDIUM

A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.10
freedesktop poppler 0.72.0
canonical ubuntu_linux 18.04
redhat enterprise_linux 8.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_server_aus 8.4
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_eus 8.1
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server 7.0
debian debian_linux 10.0
debian debian_linux 8.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_eus 8.2
debian debian_linux 9.0
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_tus 8.2
CVE-2018-20662 MEDIUM

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.10
redhat enterprise_linux 8.0
redhat enterprise_linux_server_aus 8.4
fedoraproject fedora 28
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_eus 8.4
fedoraproject fedora 29
canonical ubuntu_linux 19.04
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server 7.0
redhat enterprise_linux_eus 8.2
debian debian_linux 9.0
redhat enterprise_linux_server_aus 8.6
freedesktop poppler 0.72.0
canonical ubuntu_linux 18.04
redhat enterprise_linux_desktop 7.0
fedoraproject fedora 30
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_eus 8.1
redhat enterprise_linux_server_aus 8.2
debian debian_linux 8.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_tus 8.2
CVE-2018-21009 MEDIUM

Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
freedesktop poppler *
CVE-2019-10871 MEDIUM

An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
freedesktop poppler 0.74.0
CVE-2019-10872 MEDIUM

An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
freedesktop poppler 0.74.0
CVE-2019-10873 MEDIUM

An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
freedesktop poppler 0.74.0
CVE-2019-11026 MEDIUM

FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,

Products Affected

Vendor Product Version
fedoraproject fedora 29
fedoraproject fedora 30
freedesktop poppler 0.75.0
fedoraproject fedora 28
CVE-2019-12293 MEDIUM

In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
freedesktop poppler *
CVE-2019-12749 LOW

dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,CWE-59,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.10
freedesktop dbus *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.04
canonical ubuntu_linux 16.04
CVE-2019-14494 MEDIUM

An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.04
freedesktop poppler *
debian debian_linux 10.0
fedoraproject fedora 31
redhat enterprise_linux 8.0
fedoraproject fedora 30
redhat enterprise_linux 7.0
debian debian_linux 9.0
CVE-2019-20367 MEDIUM

nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
freedesktop libbsd *
opensuse leap 15.1
canonical ubuntu_linux 19.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
debian debian_linux 9.0
canonical ubuntu_linux 14.04
CVE-2019-7310 MEDIUM

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-681,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
freedesktop poppler 0.73.0
redhat enterprise_linux 8.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 8.4
canonical ubuntu_linux 14.04
fedoraproject fedora 28
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_eus 8.1
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server 7.0
debian debian_linux 8.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_eus 8.2
debian debian_linux 9.0
redhat enterprise_linux_server_tus 8.2
CVE-2019-9200 MEDIUM

A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
freedesktop poppler 0.74.0
debian debian_linux 8.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
CVE-2019-9543 MEDIUM

An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,

Products Affected

Vendor Product Version
freedesktop poppler 0.74.0
CVE-2019-9545 MEDIUM

An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,

Products Affected

Vendor Product Version
freedesktop poppler 0.74.0
CVE-2019-9631 HIGH

Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,

Products Affected

Vendor Product Version
fedoraproject fedora 29
freedesktop poppler 0.74.0
fedoraproject fedora 30
debian debian_linux 8.0
fedoraproject fedora 28
CVE-2019-9903 MEDIUM

PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
freedesktop poppler 0.74.0
redhat enterprise_linux 8.0
fedoraproject fedora 30
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_server_aus 8.4
fedoraproject fedora 28
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_eus 8.4
fedoraproject fedora 29
redhat enterprise_linux_eus 8.1
canonical ubuntu_linux 19.04
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_aus 8.2
debian debian_linux 10.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_tus 8.2
CVE-2019-9959 MEDIUM

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
redhat enterprise_linux 8.0
fedoraproject fedora 30
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_eus 8.4
fedoraproject fedora 29
redhat enterprise_linux_eus 8.1
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_aus 8.2
freedesktop poppler *
debian debian_linux 10.0
debian debian_linux 8.0
redhat enterprise_linux_eus 8.2
debian debian_linux 9.0
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_tus 8.2
CVE-2020-12049 MEDIUM

An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-404,

Products Affected

Vendor Product Version
freedesktop dbus *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 19.10
canonical ubuntu_linux 20.04
canonical ubuntu_linux 14.04
CVE-2020-16126 LOW

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
security@ubuntu.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-269,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
freedesktop accountsservice *
CVE-2020-16127 LOW

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@ubuntu.com 2.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L 1.3 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,CWE-835,

Products Affected

Vendor Product Version
freedesktop accountsservice *
CVE-2020-18839

Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
freedesktop poppler 0.75.0
CVE-2020-23804

Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
freedesktop poppler 0.89.0
debian debian_linux 10.0
CVE-2020-27748 MEDIUM

A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-201,

Products Affected

Vendor Product Version
freedesktop xdg-utils *
CVE-2020-27778 MEDIUM

A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-824,CWE-824,

Products Affected

Vendor Product Version
freedesktop poppler *
debian debian_linux 10.0
redhat enterprise_linux 8.0
CVE-2020-35512 HIGH

A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
freedesktop dbus 1.12.20
CVE-2020-35702 MEDIUM

DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
freedesktop poppler 20.12.1
CVE-2020-36023

An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
freedesktop poppler 20.12.1
CVE-2020-36024

An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
freedesktop poppler 20.12.1
CVE-2021-30860 MEDIUM

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
apple mac_os_x *
xpdfreader xpdf *
freedesktop poppler *
apple watchos *
apple iphone_os *
apple ipados *
apple macos *
apple mac_os_x 10.15.7
CVE-2021-3185 HIGH

A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-787,

Products Affected

Vendor Product Version
freedesktop gst-plugins-bad *
CVE-2022-1215 HIGH

A format string vulnerability was found in libinput

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-134,CWE-134,

Products Affected

Vendor Product Version
freedesktop libinput *
freedesktop libinput 1.20.0
CVE-2022-27337 MEDIUM

A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
debian debian_linux 10.0
fedoraproject fedora 36
debian debian_linux 11.0
freedesktop poppler 22.03.0
CVE-2022-31782 MEDIUM

ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
freedesktop freetype_demo_programs *
CVE-2022-37050

In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
freedesktop poppler 22.07.0
debian debian_linux 10.0
CVE-2022-37051

An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
freedesktop poppler 22.07.0
debian debian_linux 10.0
CVE-2022-37052

A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
freedesktop poppler 22.07.0
CVE-2022-38171

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
freedesktop poppler *
xpdfreader xpdf 4.04
CVE-2022-38349

An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
freedesktop poppler 22.08.0
CVE-2022-38784

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
fedoraproject fedora 35
freedesktop poppler *
debian debian_linux 10.0
fedoraproject fedora 36
debian debian_linux 11.0
fedoraproject fedora 37
CVE-2022-4055

When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked.

Products Affected

Vendor Product Version
freedesktop xdg-utils *
CVE-2022-42010

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.

Products Affected

Vendor Product Version
freedesktop dbus *
fedoraproject fedora 35
d-bus_project d-bus *
fedoraproject fedora 36
fedoraproject fedora 37
CVE-2022-42011

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.

Products Affected

Vendor Product Version
freedesktop dbus *
fedoraproject fedora 35
d-bus_project d-bus *
fedoraproject fedora 36
fedoraproject fedora 37
CVE-2022-42012

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.

Products Affected

Vendor Product Version
freedesktop dbus *
fedoraproject fedora 35
d-bus_project d-bus *
fedoraproject fedora 36
fedoraproject fedora 37
CVE-2023-34872

A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.

Products Affected

Vendor Product Version
freedesktop poppler *
CVE-2023-34969

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.

Products Affected

Vendor Product Version
freedesktop dbus *
debian debian_linux 10.0
fedoraproject fedora 38
CVE-2024-56378

libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
freedesktop poppler *
CVE-2024-6239

A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
freedesktop poppler *
redhat enterprise_linux 8.0
redhat enterprise_linux 7.0
CVE-2025-32364

A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
cve@mitre.org 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.5 1.4

Products Affected

Vendor Product Version
freedesktop poppler *
CVE-2025-32365

Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.5 1.4
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 1.8 5.2

Products Affected

Vendor Product Version
freedesktop poppler *
CVE-2025-43903

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 4.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N 2.5 1.4
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 1.8 1.4

Products Affected

Vendor Product Version
freedesktop poppler *
CVE-2025-50420

An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service (DoS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
freedesktop poppler *
CVE-2025-52886

Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue.

Products Affected

Vendor Product Version
freedesktop poppler *
CVE-2026-26103

A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices. This can permanently invalidate encryption keys and render encrypted volumes inaccessible. Successful exploitation results in a denial-of-service condition through irreversible data loss.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
redhat enterprise_linux 10.0
freedesktop udisks 2.0.0
CVE-2026-26104

A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux 10.0
freedesktop udisks 2.0.0
CVE-2026-35093

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. This could lead to the attacker monitoring keyboard input and sending that information to an external location.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
freedesktop libinput *
fedoraproject fedora 43
fedoraproject fedora 44