Information on source package poppler

Available versions

| Release | Version |
|---|---|
| wheezy | 0.18.4-6 |
| wheezy (security) | 0.18.4-6+deb7u4 |
| jessie (security) | 0.26.5-2+deb8u1 |
| stretch | 0.48.0-2 |
| buster | 0.57.0-2 |
| sid | 0.57.0-2 |

Open issues

| Bug | wheezy | jessie | stretch | buster | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2017-9865 | fixed | vulnerable | vulnerable | fixed | fixed | The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 ... |
| CVE-2017-9776 | fixed | vulnerable | vulnerable | fixed | fixed | Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in ... |
| CVE-2017-9775 | fixed | vulnerable | vulnerable | fixed | fixed | Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before ... |
| CVE-2017-9408 | fixed | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | In Poppler 0.54.0, a memory leak vulnerability was found in the ... |
| CVE-2017-9406 | fixed | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | In Poppler 0.54.0, a memory leak vulnerability was found in the ... |
| CVE-2017-15565 | fixed | vulnerable | vulnerable | vulnerable | vulnerable | In Poppler 0.59.0, a NULL Pointer Dereference exists in the ... |
| CVE-2017-14977 | fixed | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler ... |
| CVE-2017-14976 | fixed | vulnerable | vulnerable | vulnerable | vulnerable | The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler ... |
| CVE-2017-14975 | fixed | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler ... |
| CVE-2017-14929 | vulnerable (no DSA, ignored) | vulnerable | vulnerable | vulnerable | vulnerable | In Poppler 0.59.0, memory corruption occurs in a call to ... |
| CVE-2017-14928 | fixed | fixed | vulnerable (no DSA) | vulnerable | vulnerable | In Poppler 0.59.0, a NULL Pointer Dereference exists in ... |
| CVE-2017-14927 | fixed | fixed | fixed | vulnerable | vulnerable | In Poppler 0.59.0, a NULL Pointer Dereference exists in the ... |
| CVE-2017-14926 | fixed | fixed | vulnerable (no DSA) | vulnerable | vulnerable | In Poppler 0.59.0, a NULL Pointer Dereference exists in ... |
| CVE-2017-14617 | fixed | vulnerable | vulnerable | vulnerable | vulnerable | In Poppler 0.59.0, a floating point exception occurs in the ImageStream ... |
| CVE-2017-14520 | fixed | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | In Poppler 0.59.0, a floating point exception occurs in ... |
| CVE-2017-14519 | fixed | vulnerable | vulnerable | vulnerable | vulnerable | In Poppler 0.59.0, memory corruption occurs in a call to ... |
| CVE-2017-14518 | fixed | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | In Poppler 0.59.0, a floating point exception exists in the ... |
| CVE-2017-14517 | fixed | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | In Poppler 0.59.0, a NULL Pointer Dereference exists in the ... |

Open unimportant issues

| Bug | wheezy | jessie | stretch | buster | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2017-9083 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | poppler 0.54.0, as used in Evince and other products, has a NULL ... |
| CVE-2017-7515 | vulnerable | vulnerable | vulnerable | fixed | fixed | poppler through version 0.55.0 is vulnerable to an uncontrolled ... |
| CVE-2017-7511 | vulnerable | vulnerable | vulnerable | fixed | fixed | poppler since version 0.17.3 has been vulnerable to NULL pointer ... |
| CVE-2017-2820 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | An exploitable integer overflow vulnerability exists in the JPEG 2000 ... |
| CVE-2017-2818 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | An exploitable heap overflow vulnerability exists in the image ... |
| CVE-2017-2814 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | An exploitable heap overflow vulnerability exists in the image ... |
| CVE-2013-4472 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 ... |
| CVE-2012-2142 | vulnerable | fixed | fixed | fixed | fixed | Insufficient sanitization of escape sequences in the error message |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2015-8868 | Heap-based buffer overflow in the ... |
| CVE-2013-7296 | The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler ... |
| CVE-2013-4474 | Format string vulnerability in the extractPages function in ... |
| CVE-2013-4473 | Stack-based buffer overflow in the extractPages function in ... |
| CVE-2013-1790 | poppler/Stream.cc in poppler before 0.22.1 allows context-dependent ... |
| CVE-2013-1789 | splash/Splash.cc in poppler before 0.22.1 allows context-dependent ... |
| CVE-2013-1788 | poppler before 0.22.1 allows context-dependent attackers to cause a ... |
| CVE-2011-1554 | Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before ... |
| CVE-2011-1553 | Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in ... |
| CVE-2011-1552 | t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and ... |
| CVE-2011-0764 | t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and ... |
| CVE-2010-5110 | DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause ... |
| CVE-2010-4654 | Malformed commands may cause corruption of the internal stack |
| CVE-2010-4653 | integer overflow when parsing CharCodes for fonts |
| CVE-2010-3704 | The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser ... |
| CVE-2010-3703 | The PostScriptFunction::PostScriptFunction function in ... |
| CVE-2010-3702 | The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, ... |
| CVE-2010-0207 | xpdf: XRef table parsing infinite loop |
| CVE-2010-0206 | xpdf: Invalid pointer dereference by processing JBIG2 PDF stream objects |
| CVE-2009-4035 | The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf ... |
| CVE-2009-3938 | Buffer overflow in the ABWOutputDev::endWord function in ... |
| CVE-2009-3609 | Integer overflow in the ImageStream::ImageStream function in Stream.cc ... |
| CVE-2009-3608 | Integer overflow in the ObjectStream::ObjectStream function in XRef.cc ... |
| CVE-2009-3607 | Integer overflow in the create_surface_from_thumbnail_data function in ... |
| CVE-2009-3606 | Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf ... |
| CVE-2009-3605 | Multiple integer overflows in Poppler 0.10.5 and earlier allow remote ... |
| CVE-2009-3604 | The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before ... |
| CVE-2009-3603 | Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf ... |
| CVE-2009-1188 | Integer overflow in the JBIG2 decoding feature in the ... |
| CVE-2009-1187 | Integer overflow in the JBIG2 decoding feature in Poppler before ... |
| CVE-2009-1183 | The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and ... |
| CVE-2009-1182 | Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and ... |
| CVE-2009-1181 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ... |
| CVE-2009-1180 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ... |
| CVE-2009-1179 | Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, ... |
| CVE-2009-0800 | Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 ... |
| CVE-2009-0799 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ... |
| CVE-2009-0756 | The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 ... |
| CVE-2009-0755 | The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 ... |
| CVE-2009-0166 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ... |
| CVE-2009-0147 | Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ... |
| CVE-2009-0146 | Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ... |
| CVE-2008-2950 | The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and ... |
| CVE-2008-1693 | The CairoFont::create function in CairoFontEngine.cc in Poppler, ... |
| CVE-2007-5393 | Heap-based buffer overflow in the CCITTFaxStream::lookChar method in ... |
| CVE-2007-5392 | Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in ... |
| CVE-2007-4352 | Array index error in the DCTStream::readProgressiveDataUnit method in ... |
| CVE-2007-3387 | Integer overflow in the StreamPredictor::StreamPredictor function in ... |
| CVE-2007-0104 | The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 ... |
| CVE-2006-0301 | Heap-based buffer overflow in Splash.cc in xpdf, as used in other ... |
| CVE-2005-3627 | Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, ... |
| CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ... |
| CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ... |
| CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, ... |
| CVE-2005-3193 | Heap-based buffer overflow in the JPXStream::readCodestream function ... |
| CVE-2005-3192 | Heap-based buffer overflow in the StreamPredictor function in Xpdf ... |
| CVE-2005-3191 | Multiple heap-based buffer overflows in the (1) ... |
| CVE-2005-2097 | xpdf and kpdf do not properly validate the "loca" table in PDF files, ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DLA-1177-1 | poppler - security update |
| DLA-1116-1 | poppler - security update |
| DLA-1074-1 | poppler - security update |
| DSA-3563-1 | poppler - security update |
| DLA-446-1 | poppler - security update |
| DLA-24-1 | poppler - security update |
| DSA-2719-1 | poppler - multiple issues |
| DSA-2119-1 | poppler - several vulnerabilities |
| DSA-1941-1 | poppler - several vulnerabilities |
| DSA-1606-1 | poppler - execution of arbitrary code |
| DSA-1480-1 | poppler - several vulnerabilities |
| DSA-1348-1 | poppler |
