Search CVE reports
21 – 30 of 203 results
xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to...
3 affected packages
ipe, poppler, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| poppler | Not affected | Not affected | Not affected | Not affected |
| xpdf | Not affected | Not affected | Not in release | Not affected |
Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function.
3 affected packages
ipe, poppler, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| poppler | Not affected | Not affected | Not affected | Not affected |
| xpdf | Not affected | Not affected | Not in release | Not affected |
DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the...
1 affected package
poppler
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| poppler | — | — | Not affected | Not affected |
A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the...
1 affected package
poppler
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| poppler | — | — | Not affected | Fixed |
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3...
3 affected packages
poppler, ipe, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| poppler | Not affected | Not affected | Not affected | Not affected |
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xpdf | Not affected | Not affected | Not in release | Not affected |
There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service...
3 affected packages
poppler, ipe, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| poppler | Not affected | Not affected | Not affected | Not affected |
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xpdf | Not affected | Not affected | Not in release | Not affected |
There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a...
3 affected packages
poppler, ipe, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| poppler | Not affected | Not affected | Not affected | Not affected |
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xpdf | Not affected | Not affected | Not in release | Not affected |
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
2 affected packages
xpdf, poppler
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xpdf | — | — | — | — |
| poppler | — | — | — | — |
poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.
5 affected packages
koffice, ipe, libextractor, poppler, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| koffice | Not in release | Not in release | Not in release | Not in release |
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libextractor | Not affected | Not affected | Not affected | Not affected |
| poppler | Not affected | Not affected | Not affected | Not affected |
| xpdf | Not affected | Not affected | Not in release | Not affected |
An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.
5 affected packages
ipe, koffice, libextractor, poppler, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ipe | — | — | Not affected | Not affected |
| koffice | — | — | Not in release | Not in release |
| libextractor | — | — | Not affected | Not affected |
| poppler | — | — | Not affected | Not affected |
| xpdf | — | — | Not in release | Not affected |