Filtered by vendor Freedesktop Subscriptions
Total 135 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-9776 3 Debian, Freedesktop, Redhat 9 Debian Linux, Poppler, Enterprise Linux and 6 more 2024-11-21 N/A
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
CVE-2017-9775 3 Debian, Freedesktop, Redhat 9 Debian Linux, Poppler, Enterprise Linux and 6 more 2024-11-21 N/A
Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
CVE-2017-9408 2 Debian, Freedesktop 2 Debian Linux, Poppler 2024-11-21 N/A
In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9406 2 Debian, Freedesktop 2 Debian Linux, Poppler 2024-11-21 N/A
In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9083 1 Freedesktop 1 Poppler 2024-11-21 N/A
poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.
CVE-2017-7515 1 Freedesktop 1 Poppler 2024-11-21 N/A
poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.
CVE-2017-7511 1 Freedesktop 1 Poppler 2024-11-21 N/A
poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.
CVE-2017-6355 1 Freedesktop 1 Virglrenderer 2024-11-21 N/A
Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length and offlen values, which trigger an out-of-bounds access.
CVE-2017-2820 1 Freedesktop 1 Poppler 2024-11-21 8.8 High
An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library.
CVE-2017-2818 1 Freedesktop 1 Poppler 2024-11-21 N/A
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.
CVE-2017-2814 1 Freedesktop 1 Poppler 2024-11-21 N/A
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability.
CVE-2017-2626 2 Freedesktop, Redhat 7 Libice, Enterprise Linux, Enterprise Linux Desktop and 4 more 2024-11-21 N/A
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
CVE-2017-18267 4 Canonical, Debian, Freedesktop and 1 more 8 Ubuntu Linux, Debian Linux, Poppler and 5 more 2024-11-21 N/A
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
CVE-2017-18266 3 Canonical, Debian, Freedesktop 3 Ubuntu Linux, Debian Linux, Xdg-utils 2024-11-21 N/A
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.
CVE-2017-15565 2 Debian, Freedesktop 2 Debian Linux, Poppler 2024-11-21 N/A
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.
CVE-2017-15131 2 Freedesktop, Redhat 2 Xdg-user-dirs, Enterprise Linux 2024-11-21 N/A
It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.
CVE-2017-14977 2 Debian, Freedesktop 2 Debian Linux, Poppler 2024-11-21 N/A
The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.
CVE-2017-14976 2 Debian, Freedesktop 2 Debian Linux, Poppler 2024-11-21 N/A
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.
CVE-2017-14975 2 Debian, Freedesktop 2 Debian Linux, Poppler 2024-11-21 N/A
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.
CVE-2017-14929 1 Freedesktop 1 Poppler 2024-11-21 N/A
In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519.