Every CVE whose affected-product data names Freedesktop Poppler, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (88)
CVE-2019-9631 — CVSS 9.8 (critical): Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
CVE-2019-9545 — CVSS 8.8 (high): An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be…
CVE-2019-9543 — CVSS 8.8 (high): An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be…
CVE-2017-15565 — CVSS 8.8 (high): In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF…
CVE-2019-9200 — CVSS 8.8 (high): A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered…
CVE-2019-10872 — CVSS 8.8 (high): An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at…
CVE-2017-2820 — CVSS 8.8 (high): An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A…
CVE-2017-1000456 — CVSS 8.8 (high): freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
CVE-2019-12293 — CVSS 8.8 (high): In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent…
CVE-2012-2142 — CVSS 7.8 (high): The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an…
CVE-2019-7310 — CVSS 7.8 (high): In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows…
CVE-2022-38784 — CVSS 7.8 (high): Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in…
CVE-2022-38171 — CVSS 7.8 (high): Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc)…
CVE-2020-35702 — CVSS 7.8 (high): DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports…
CVE-2015-8868 — CVSS 7.8 (high): Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to…
CVE-2017-14518 — CVSS 7.8 (high): In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document.
CVE-2017-14520 — CVSS 7.8 (high): In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when…
CVE-2017-14617 — CVSS 7.8 (high): In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when…
CVE-2010-4654 — CVSS 7.8 (high): poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.
CVE-2017-9776 — CVSS 7.8 (high): Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a…
CVE-2020-23804 — CVSS 7.5 (high): Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.
CVE-2017-14929 — CVSS 7.5 (high): In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display…
CVE-2017-14975 — CVSS 7.5 (high): The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data…
CVE-2017-14976 — CVSS 7.5 (high): The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an…
CVE-2017-14977 — CVSS 7.5 (high): The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of…
CVE-2017-14519 — CVSS 7.5 (high): In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display…
CVE-2020-27778 — CVSS 7.5 (high): A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a…
CVE-2017-2814 — CVSS 7.5 (high): An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can…
CVE-2017-2818 — CVSS 7.5 (high): An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can…
CVE-2013-4473 — CVSS 7.5 (high): Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause…
CVE-2010-3702 — CVSS 7.5 (high): The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS…
CVE-2024-6239 — CVSS 7.5 (high): A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain…
CVE-2019-14494 — CVSS 7.5 (high): An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at…
CVE-2013-1790 — CVSS 6.8 (medium): poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read…
CVE-2013-1788 — CVSS 6.8 (medium): poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via…
CVE-2007-3387 — CVSS 6.8 (medium): Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before…
CVE-2019-9959 — CVSS 6.5 (medium): The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer…
CVE-2010-4653 — CVSS 6.5 (medium): An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.
CVE-2017-9083 — CVSS 6.5 (medium): poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc…
CVE-2017-9406 — CVSS 6.5 (medium): In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of…
CVE-2017-9408 — CVSS 6.5 (medium): In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a…
CVE-2017-9775 — CVSS 6.5 (medium): Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application…
CVE-2018-10768 — CVSS 6.5 (medium): There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A…
CVE-2018-13988 — CVSS 6.5 (medium): Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space…
CVE-2018-16646 — CVSS 6.5 (medium): In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can…
CVE-2018-18897 — CVSS 6.5 (medium): An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by…
CVE-2018-19058 — CVSS 6.5 (medium): An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in…
CVE-2018-19059 — CVSS 6.5 (medium): An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service…
CVE-2018-19060 — CVSS 6.5 (medium): An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as…
CVE-2018-19149 — CVSS 6.5 (medium): Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachmen…
CVE-2018-20481 — CVSS 6.5 (medium): XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service…
CVE-2018-20551 — CVSS 6.5 (medium): A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich…
CVE-2018-20650 — CVSS 6.5 (medium): A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the…
CVE-2018-20662 — CVSS 6.5 (medium): In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT…
CVE-2019-10871 — CVSS 6.5 (medium): An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at…
CVE-2019-10873 — CVSS 6.5 (medium): An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at…
CVE-2019-11026 — CVSS 6.5 (medium): FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.
CVE-2019-9903 — CVSS 6.5 (medium): PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find()…
CVE-2020-18839 — CVSS 6.5 (medium): Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.
CVE-2020-36023 — CVSS 6.5 (medium): An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf…
CVE-2022-27337 — CVSS 6.5 (medium): A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVE-2022-37050 — CVSS 6.5 (medium): In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by…
CVE-2022-37051 — CVSS 6.5 (medium): An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in…
CVE-2022-37052 — CVSS 6.5 (medium): A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.
CVE-2022-38349 — CVSS 6.5 (medium): An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because…
CVE-2025-50420 — CVSS 6.5 (medium): An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted…
CVE-2025-52886 — CVSS 5.9 (medium): Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is…
CVE-2017-14926 — CVSS 5.5 (medium): In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.
CVE-2020-36024 — CVSS 5.5 (medium): An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf…
CVE-2017-9865 — CVSS 5.5 (medium): The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based…
CVE-2017-7515 — CVSS 5.5 (medium): poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.
CVE-2017-7511 — CVSS 5.5 (medium): poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.
CVE-2017-18267 — CVSS 5.5 (medium): The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service…
CVE-2017-14928 — CVSS 5.5 (medium): In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.
CVE-2017-14927 — CVSS 5.5 (medium): In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF…
CVE-2023-34872 — CVSS 5.5 (medium): A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a…
CVE-2017-14517 — CVSS 5.5 (medium): In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.
CVE-2013-4474 — CVSS 5.0 (medium): Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause…
CVE-2013-7296 — CVSS 5.0 (medium): The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string…
CVE-2010-5110 — CVSS 4.3 (medium): DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.
CVE-2024-56378 — CVSS 4.3 (medium): libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.
CVE-2013-1789 — CVSS 4.3 (medium): splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and…
CVE-2025-43903 — CVSS 4.3 (medium): NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential…
CVE-2025-32364 — CVSS 4.0 (medium): A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling…
CVE-2025-32365 — CVSS 4.0 (medium): Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc…
CVE-2013-4472 — CVSS 3.3 (low): The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local…