poppler-qt (SUSE:Linux Enterprise Server 12 SP5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP5 package poppler-qt, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (41)
CVE-2019-9631 — CVSS 9.8 (critical): Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
CVE-2019-9545 — CVSS 8.8 (high): An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be…
CVE-2019-10872 — CVSS 8.8 (high): An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at…
CVE-2019-12293 — CVSS 8.8 (high): In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent…
CVE-2019-7310 — CVSS 7.8 (high): In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows…
CVE-2022-38784 — CVSS 7.8 (high): Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in…
CVE-2019-13283 — CVSS 7.8 (high): In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not…
CVE-2019-16115 — CVSS 7.8 (high): In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by…
CVE-2019-14494 — CVSS 7.5 (high): An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at…
CVE-2020-27778 — CVSS 7.5 (high): A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a…
CVE-2020-23804 — CVSS 7.5 (high): Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.
CVE-2024-47850 — CVSS 7.5 (high): CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet…
CVE-2019-9959 — CVSS 6.5 (medium): The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer…
CVE-2022-38349 — CVSS 6.5 (medium): An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because…
CVE-2018-13988 — CVSS 6.5 (medium): Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space…
CVE-2018-16646 — CVSS 6.5 (medium): In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can…
CVE-2018-18897 — CVSS 6.5 (medium): An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by…
CVE-2018-19058 — CVSS 6.5 (medium): An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in…
CVE-2018-19059 — CVSS 6.5 (medium): An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service…
CVE-2018-19060 — CVSS 6.5 (medium): An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as…
CVE-2018-19149 — CVSS 6.5 (medium): Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachmen…
CVE-2018-20481 — CVSS 6.5 (medium): XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service…
CVE-2018-20650 — CVSS 6.5 (medium): A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the…
CVE-2018-20662 — CVSS 6.5 (medium): In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT…
CVE-2019-10871 — CVSS 6.5 (medium): An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at…
CVE-2019-9903 — CVSS 6.5 (medium): PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find()…
CVE-2020-36023 — CVSS 6.5 (medium): An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf…
CVE-2022-27337 — CVSS 6.5 (medium): A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVE-2022-37050 — CVSS 6.5 (medium): In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by…
CVE-2022-37051 — CVSS 6.5 (medium): An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in…
CVE-2022-37052 — CVSS 6.5 (medium): A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.
CVE-2018-18456 — CVSS 5.5 (medium): The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of…
CVE-2020-36024 — CVSS 5.5 (medium): An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf…
CVE-2018-18454 — CVSS 5.5 (medium): CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via…
CVE-2017-18267 — CVSS 5.5 (medium): The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service…
CVE-2019-14292 — CVSS 5.5 (medium): An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for…
CVE-2019-13287 — CVSS 5.5 (medium): In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc…
CVE-2024-47176 — CVSS 5.3 (medium): CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not…
CVE-2024-4141 — CVSS 2.9 (low): Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds…