Search CVE reports
31 – 40 of 203 results
There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an...
4 affected packages
poppler, xpdf, ipe, libextractor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| poppler | — | Not affected | Not affected | Not affected |
| xpdf | — | Not affected | Not in release | Not affected |
| ipe | — | Not affected | Not affected | Not affected |
| libextractor | — | Not affected | Not affected | Not affected |
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
1 affected package
poppler
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| poppler | — | — | — | Fixed |
There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an...
6 affected packages
xpdf, ipe, libextractor, poppler, texlive-bin, utopia-documents
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xpdf | — | Not affected | Not in release | Not affected |
| ipe | — | Not affected | Not affected | Not affected |
| libextractor | — | Not affected | Not affected | Not affected |
| poppler | — | Not affected | Not affected | Not affected |
| texlive-bin | — | Not affected | Not affected | Not affected |
| utopia-documents | — | Not in release | Not in release | Not in release |
There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service...
6 affected packages
texlive-bin, libextractor, ipe, xpdf, poppler, utopia-documents
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| texlive-bin | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libextractor | Not affected | Not affected | Not affected | Not affected |
| ipe | Not affected | Not affected | Not affected | Not affected |
| xpdf | Not affected | Not affected | Not in release | Not affected |
| poppler | Not affected | Not affected | Not affected | Not affected |
| utopia-documents | Not in release | Not in release | Not in release | Not in release |
There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service...
6 affected packages
texlive-bin, ipe, libextractor, poppler, utopia-documents, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| texlive-bin | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| ipe | Not affected | Not affected | Not affected | Not affected |
| libextractor | Not affected | Not affected | Not affected | Not affected |
| poppler | Not affected | Not affected | Not affected | Not affected |
| utopia-documents | Not in release | Not in release | Not in release | Not in release |
| xpdf | Not affected | Not affected | Not in release | Not affected |
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an...
1 affected package
poppler
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| poppler | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows...
1 affected package
poppler
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| poppler | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to...
1 affected package
poppler
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| poppler | — | — | — | Fixed |
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified...
1 affected package
poppler
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| poppler | — | — | — | Fixed |
Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.
3 affected packages
ipe, poppler, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| poppler | Not affected | Not affected | Not affected | Not affected |
| xpdf | Not affected | Not affected | Not in release | Not affected |