Search CVE reports
21 – 30 of 197 results
CVE-2020-24996
Medium priorityThere is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a...
3 affected packages
ipe, poppler, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| poppler | Not affected | Not affected | Not affected | Not affected | Not affected |
| xpdf | Not affected | Not affected | Not in release | Not affected | Not affected |
CVE-2012-2142
Low priorityThe error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
2 affected packages
poppler, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| poppler | — | — | — | — | Not affected |
| xpdf | — | — | — | — | Not affected |
CVE-2010-4654
Medium prioritypoppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.
5 affected packages
ipe, koffice, libextractor, poppler, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| koffice | Not in release | Not in release | Not in release | Not in release | Not in release |
| libextractor | Not affected | Not affected | Not affected | Not affected | Not affected |
| poppler | Not affected | Not affected | Not affected | Not affected | Not affected |
| xpdf | Not affected | Not affected | Not in release | Not affected | Needs evaluation |
CVE-2010-4653
Low priorityAn integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.
5 affected packages
ipe, koffice, libextractor, poppler, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ipe | — | — | Not affected | Not affected | Not affected |
| koffice | — | — | Not in release | Not in release | Not in release |
| libextractor | — | — | Not affected | Not affected | Not affected |
| poppler | — | — | Not affected | Not affected | Not affected |
| xpdf | — | — | Not in release | Not affected | Not affected |
CVE-2010-0207
Negligible priorityIn xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers.
6 affected packages
ipe, kdegraphics, koffice, libextractor, poppler, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ipe | — | — | — | — | — |
| kdegraphics | — | — | — | — | — |
| koffice | — | — | — | — | — |
| libextractor | — | — | — | — | — |
| poppler | — | — | — | — | — |
| xpdf | — | — | — | — | — |
CVE-2010-0206
Negligible priorityxpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects.
6 affected packages
ipe, kdegraphics, koffice, libextractor, poppler, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ipe | — | — | — | — | — |
| kdegraphics | — | — | — | — | — |
| koffice | — | — | — | — | — |
| libextractor | — | — | — | — | — |
| poppler | — | — | — | — | — |
| xpdf | — | — | — | — | — |
CVE-2019-17064
Medium priorityCatalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.
3 affected packages
ipe, poppler, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| poppler | Not affected | Not affected | Not affected | Not affected | Not affected |
| xpdf | Not affected | Not affected | Not in release | Not affected | Not affected |
CVE-2019-16927
Medium priorityXpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877.
3 affected packages
ipe, poppler, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| poppler | Not affected | Not affected | Not affected | Not affected | Not affected |
| xpdf | Not affected | Not affected | Not in release | Not affected | Not affected |
CVE-2019-16115
Medium priorityIn Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the...
3 affected packages
ipe, poppler, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| poppler | Not affected | Not affected | Not affected | Not affected | Not affected |
| xpdf | Not affected | Not affected | Not in release | Not affected | Not affected |
CVE-2019-16088
Medium priorityXpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc.
3 affected packages
ipe, poppler, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| poppler | Not affected | Not affected | Not affected | Not affected | Not affected |
| xpdf | Not affected | Not affected | Not in release | Not affected | Not affected |