poppler (SUSE:Linux Enterprise High Performance Computing 15-LTSS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise High Performance Computing 15-LTSS package poppler, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (21)
CVE-2019-9631 — CVSS 9.8 (critical): Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
CVE-2019-9200 — CVSS 8.8 (high): A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered…
CVE-2019-10872 — CVSS 8.8 (high): An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at…
CVE-2019-7310 — CVSS 7.8 (high): In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows…
CVE-2019-14494 — CVSS 7.5 (high): An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at…
CVE-2020-27778 — CVSS 7.5 (high): A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a…
CVE-2018-19060 — CVSS 6.5 (medium): An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as…
CVE-2018-19149 — CVSS 6.5 (medium): Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachmen…
CVE-2018-20481 — CVSS 6.5 (medium): XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service…
CVE-2018-20551 — CVSS 6.5 (medium): A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich…
CVE-2018-20662 — CVSS 6.5 (medium): In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT…
CVE-2019-10871 — CVSS 6.5 (medium): An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at…
CVE-2019-9903 — CVSS 6.5 (medium): PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find()…
CVE-2019-9959 — CVSS 6.5 (medium): The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer…
CVE-2018-20650 — CVSS 6.5 (medium): A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the…
CVE-2018-13988 — CVSS 6.5 (medium): Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space…
CVE-2018-16646 — CVSS 6.5 (medium): In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can…
CVE-2018-18897 — CVSS 6.5 (medium): An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by…
CVE-2018-19058 — CVSS 6.5 (medium): An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in…
CVE-2018-19059 — CVSS 6.5 (medium): An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service…
CVE-2017-18267 — CVSS 5.5 (medium): The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service…