| Bug | jessie | stretch | buster | sid | Description |
|---|
| CVE-2018-20662 | vulnerable (no DSA, postponed) | vulnerable | vulnerable | vulnerable | In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause ... |
| CVE-2018-20650 | vulnerable (no DSA, postponed) | vulnerable | vulnerable | vulnerable | A reachable Object::dictLookup assertion in Poppler 0.72.0 allows ... |
| CVE-2018-20551 | fixed | vulnerable (no DSA, ignored) | vulnerable | vulnerable | A reachable Object::getString assertion in Poppler 0.72.0 allows ... |
| CVE-2018-20481 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable | vulnerable | XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef ... |
| CVE-2018-19058 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable | vulnerable | An issue was discovered in Poppler 0.71.0. There is a reachable abort ... |
| CVE-2018-18897 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable | vulnerable | An issue was discovered in Poppler 0.71.0. There is a memory leak in ... |
| CVE-2018-16646 | fixed | vulnerable (no DSA) | vulnerable | vulnerable | In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause ... |
| CVE-2018-13988 | fixed | vulnerable (no DSA) | fixed | fixed | Poppler through 0.62 contains an out of bounds read vulnerability due ... |
| CVE-2017-18267 | fixed | vulnerable (no DSA) | fixed | fixed | The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler ... |
| CVE-2017-14929 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | In Poppler 0.59.0, memory corruption occurs in a call to ... |
| CVE-2017-14928 | fixed | vulnerable (no DSA) | fixed | fixed | In Poppler 0.59.0, a NULL Pointer Dereference exists in ... |
| CVE-2017-14926 | fixed | vulnerable (no DSA) | fixed | fixed | In Poppler 0.59.0, a NULL Pointer Dereference exists in ... |
| CVE-2017-14617 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | In Poppler 0.59.0, a floating point exception occurs in the ImageStream ... |
| Bug | Description |
|---|
| CVE-2018-10768 | There is a NULL pointer dereference in the AnnotPath::getCoordsLength ... |
| CVE-2017-9865 | The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 ... |
| CVE-2017-9776 | Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in ... |
| CVE-2017-9775 | Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before ... |
| CVE-2017-9408 | In Poppler 0.54.0, a memory leak vulnerability was found in the ... |
| CVE-2017-9406 | In Poppler 0.54.0, a memory leak vulnerability was found in the ... |
| CVE-2017-15565 | In Poppler 0.59.0, a NULL Pointer Dereference exists in the ... |
| CVE-2017-14977 | The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler ... |
| CVE-2017-14976 | The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler ... |
| CVE-2017-14975 | The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler ... |
| CVE-2017-14927 | In Poppler 0.59.0, a NULL Pointer Dereference exists in the ... |
| CVE-2017-14520 | In Poppler 0.59.0, a floating point exception occurs in ... |
| CVE-2017-14519 | In Poppler 0.59.0, memory corruption occurs in a call to ... |
| CVE-2017-14518 | In Poppler 0.59.0, a floating point exception exists in the ... |
| CVE-2017-14517 | In Poppler 0.59.0, a NULL Pointer Dereference exists in the ... |
| CVE-2017-1000456 | freedesktop.org libpoppler 0.60.1 fails to validate boundaries in ... |
| CVE-2015-8868 | Heap-based buffer overflow in the ... |
| CVE-2013-7296 | The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler ... |
| CVE-2013-4474 | Format string vulnerability in the extractPages function in ... |
| CVE-2013-4473 | Stack-based buffer overflow in the extractPages function in ... |
| CVE-2013-1790 | poppler/Stream.cc in poppler before 0.22.1 allows context-dependent ... |
| CVE-2013-1789 | splash/Splash.cc in poppler before 0.22.1 allows context-dependent ... |
| CVE-2013-1788 | poppler before 0.22.1 allows context-dependent attackers to cause a ... |
| CVE-2012-2142 | Insufficient sanitization of escape sequences in the error message |
| CVE-2011-1554 | Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before ... |
| CVE-2011-1553 | Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in ... |
| CVE-2011-1552 | t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and ... |
| CVE-2011-0764 | t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and ... |
| CVE-2010-5110 | DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause ... |
| CVE-2010-4654 | Malformed commands may cause corruption of the internal stack |
| CVE-2010-4653 | integer overflow when parsing CharCodes for fonts |
| CVE-2010-3704 | The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser ... |
| CVE-2010-3703 | The PostScriptFunction::PostScriptFunction function in ... |
| CVE-2010-3702 | The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, ... |
| CVE-2010-0207 | xpdf: XRef table parsing infinite loop |
| CVE-2010-0206 | xpdf: Invalid pointer dereference by processing JBIG2 PDF stream objects |
| CVE-2009-4035 | The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf ... |
| CVE-2009-3938 | Buffer overflow in the ABWOutputDev::endWord function in ... |
| CVE-2009-3609 | Integer overflow in the ImageStream::ImageStream function in Stream.cc ... |
| CVE-2009-3608 | Integer overflow in the ObjectStream::ObjectStream function in XRef.cc ... |
| CVE-2009-3607 | Integer overflow in the create_surface_from_thumbnail_data function in ... |
| CVE-2009-3606 | Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf ... |
| CVE-2009-3605 | Multiple integer overflows in Poppler 0.10.5 and earlier allow remote ... |
| CVE-2009-3604 | The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before ... |
| CVE-2009-3603 | Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf ... |
| CVE-2009-1188 | Integer overflow in the JBIG2 decoding feature in the ... |
| CVE-2009-1187 | Integer overflow in the JBIG2 decoding feature in Poppler before ... |
| CVE-2009-1183 | The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and ... |
| CVE-2009-1182 | Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and ... |
| CVE-2009-1181 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ... |
| CVE-2009-1180 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ... |
| CVE-2009-1179 | Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, ... |
| CVE-2009-0800 | Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 ... |
| CVE-2009-0799 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ... |
| CVE-2009-0756 | The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 ... |
| CVE-2009-0755 | The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 ... |
| CVE-2009-0166 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ... |
| CVE-2009-0147 | Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ... |
| CVE-2009-0146 | Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ... |
| CVE-2008-2950 | The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and ... |
| CVE-2008-1693 | The CairoFont::create function in CairoFontEngine.cc in Poppler, ... |
| CVE-2007-5393 | Heap-based buffer overflow in the CCITTFaxStream::lookChar method in ... |
| CVE-2007-5392 | Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in ... |
| CVE-2007-4352 | Array index error in the DCTStream::readProgressiveDataUnit method in ... |
| CVE-2007-3387 | Integer overflow in the StreamPredictor::StreamPredictor function in ... |
| CVE-2007-0104 | The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 ... |
| CVE-2006-0301 | Heap-based buffer overflow in Splash.cc in xpdf, as used in other ... |
| CVE-2005-3627 | Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, ... |
| CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ... |
| CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ... |
| CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, ... |
| CVE-2005-3193 | Heap-based buffer overflow in the JPXStream::readCodestream function ... |
| CVE-2005-3192 | Heap-based buffer overflow in the StreamPredictor function in Xpdf ... |
| CVE-2005-3191 | Multiple heap-based buffer overflows in the (1) ... |
| CVE-2005-2097 | xpdf and kpdf do not properly validate the "loca" table in PDF files, ... |