Information on source package poppler

Available versions

Release | Version
jessie | 0.26.5-2+deb8u16
stretch | 0.48.0-2+deb9u6
stretch (security) | 0.48.0-2+deb9u4
buster | 0.71.0-5+deb10u3
bullseye | 20.09.0-3.1+deb11u1
bookworm | 22.12.0-2
trixie | 24.08.0-3
sid | 24.08.0-3

Open issues

Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description
CVE-2023-34872 | fixed | fixed | fixed | fixed | vulnerable (no DSA) | fixed | fixed | A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a re ...
CVE-2022-38349 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | An issue was discovered in Poppler 22.08.0. There is a reachable asser ...
CVE-2022-37052 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | A reachable Object::getString assertion in Poppler 22.07.0 allows atta ...
CVE-2022-37051 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | vulnerable (no DSA) | fixed | fixed | fixed | An issue was discovered in Poppler 22.07.0. There is a reachable abort ...
CVE-2022-37050 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | vulnerable (no DSA) | fixed | fixed | fixed | In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.cc allows attackers t ...
CVE-2020-36024 | fixed | fixed | fixed | vulnerable (no DSA) | fixed | fixed | fixed | An issue was discovered in freedesktop poppler version 20.12.1, allows ...
CVE-2020-36023 | fixed | fixed | fixed | vulnerable (no DSA) | fixed | fixed | fixed | An issue was discovered in freedesktop poppler version 20.12.1, allows ...
CVE-2020-23804 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allow ...
CVE-2019-11026 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infini ...
CVE-2019-10871 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...
CVE-2019-9903 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict mark ...
CVE-2019-9545 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable | vulnerable | An issue was discovered in Poppler 0.74.0. A recursive function call, ...
CVE-2019-9543 | vulnerable (no DSA, postponed) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable | vulnerable | An issue was discovered in Poppler 0.74.0. A recursive function call, ...
CVE-2018-20551 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | A reachable Object::getString assertion in Poppler 0.72.0 allows attac ...
CVE-2017-14929 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | fixed | In Poppler 0.59.0, memory corruption occurs in a call to Object::dictL ...
CVE-2017-14617 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | In Poppler 0.59.0, a floating point exception occurs in the ImageStrea ...

Open unimportant issues

Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description
CVE-2024-6239 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | A flaw was found in the Poppler's Pdfinfo utility. This issue occurs w ...
CVE-2022-24106 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing ...
CVE-2018-19149 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attac ...
CVE-2018-19060 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | An issue was discovered in Poppler 0.71.0. There is a NULL pointer der ...
CVE-2018-19059 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | An issue was discovered in Poppler 0.71.0. There is an out-of-bounds re ...
CVE-2017-9083 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | poppler 0.54.0, as used in Evince and other products, has a NULL point ...
CVE-2017-7515 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | poppler through version 0.55.0 is vulnerable to an uncontrolled recurs ...
CVE-2017-7511 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | poppler since version 0.17.3 has been vulnerable to NULL pointer deref ...
CVE-2017-2820 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | An exploitable integer overflow vulnerability exists in the JPEG 2000 ...
CVE-2017-2818 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | An exploitable heap overflow vulnerability exists in the image renderi ...
CVE-2017-2814 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | An exploitable heap overflow vulnerability exists in the image renderi ...
CVE-2013-4472 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 a ...

Resolved issues

Bug | Description
CVE-2022-38784 | Poppler prior to and including 22.08.0 contains an integer overflow in ...
CVE-2022-27337 | A logic error in the Hints::Hints function of Poppler v22.03.0 allows ...
CVE-2021-40226 | xpdfreader 4.03 is vulnerable to Buffer Overflow.
CVE-2020-35702 | DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-base ...
CVE-2020-27778 | A flaw was found in Poppler in the way certain PDF files were converte ...
CVE-2020-18839 | Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 ...
CVE-2019-14494 | An issue was discovered in Poppler through 0.78.0. There is a divide-b ...
CVE-2019-12957 | In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C:: ...
CVE-2019-12493 | A stack-based buffer over-read exists in PostScriptFunction::transform ...
CVE-2019-12360 | A stack-based buffer over-read exists in FoFiTrueType::dumpString in f ...
CVE-2019-12293 | In Poppler through 0.76.1, there is a heap-based buffer over-read in J ...
CVE-2019-10873 | An issue was discovered in Poppler 0.74.0. There is a NULL pointer der ...
CVE-2019-10872 | An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...
CVE-2019-10018 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...
CVE-2019-9959 | The JPXStream::init function in Poppler 0.78.0 and earlier doesn't che ...
CVE-2019-9631 | Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBo ...
CVE-2019-9200 | A heap-based buffer underwrite exists in ImageStream::getLine() locate ...
CVE-2019-7310 | In Poppler 0.73.0, a heap-based buffer over-read (due to an integer si ...
CVE-2018-21009 | Poppler before 0.66.0 has an integer overflow in Parser::makeStream in ...
CVE-2018-20662 | In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to caus ...
CVE-2018-20650 | A reachable Object::dictLookup assertion in Poppler 0.72.0 allows atta ...
CVE-2018-20481 | XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRe ...
CVE-2018-19058 | An issue was discovered in Poppler 0.71.0. There is a reachable abort ...
CVE-2018-18897 | An issue was discovered in Poppler 0.71.0. There is a memory leak in G ...
CVE-2018-16646 | In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may caus ...
CVE-2018-13988 | Poppler through 0.62 contains an out of bounds read vulnerability due ...
CVE-2018-10768 | There is a NULL pointer dereference in the AnnotPath::getCoordsLength ...
CVE-2017-1000456 | freedesktop.org libpoppler 0.60.1 fails to validate boundaries in Text ...
CVE-2017-18267 | The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler thr ...
CVE-2017-15565 | In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageCo ...
CVE-2017-14977 | The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0 ...
CVE-2017-14976 | The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0. ...
CVE-2017-14975 | The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0. ...
CVE-2017-14928 | In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia ...
CVE-2017-14927 | In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutp ...
CVE-2017-14926 | In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia ...
CVE-2017-14520 | In Poppler 0.59.0, a floating point exception occurs in Splash::scaleI ...
CVE-2017-14519 | In Poppler 0.59.0, memory corruption occurs in a call to Object::strea ...
CVE-2017-14518 | In Poppler 0.59.0, a floating point exception exists in the isImageInt ...
CVE-2017-14517 | In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::pars ...
CVE-2017-9865 | The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54. ...
CVE-2017-9776 | Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in ...
CVE-2017-9775 | Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0 ...
CVE-2017-9408 | In Poppler 0.54.0, a memory leak vulnerability was found in the functi ...
CVE-2017-9406 | In Poppler 0.54.0, a memory leak vulnerability was found in the functi ...
CVE-2015-8868 | Heap-based buffer overflow in the ExponentialFunction::ExponentialFunc ...
CVE-2013-7296 | The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler befo ...
CVE-2013-4474 | Format string vulnerability in the extractPages function in utils/pdfs ...
CVE-2013-4473 | Stack-based buffer overflow in the extractPages function in utils/pdfs ...
CVE-2013-1790 | poppler/Stream.cc in poppler before 0.22.1 allows context-dependent at ...
CVE-2013-1789 | splash/Splash.cc in poppler before 0.22.1 allows context-dependent att ...
CVE-2013-1788 | poppler before 0.22.1 allows context-dependent attackers to cause a de ...
CVE-2012-2142 | The error function in Error.cc in poppler before 0.21.4 allows remote ...
CVE-2011-1554 | Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3. ...
CVE-2011-1553 | Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xp ...
CVE-2011-1552 | t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and ot ...
CVE-2011-0764 | t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and ot ...
CVE-2010-5110 | DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause ...
CVE-2010-4654 | poppler before 0.16.3 has malformed commands that may cause corruption ...
CVE-2010-4653 | An integer overflow condition in poppler before 0.16.3 can occur when ...
CVE-2010-3704 | The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser i ...
CVE-2010-3703 | The PostScriptFunction::PostScriptFunction function in poppler/Functio ...
CVE-2010-3702 | The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, pop ...
CVE-2010-0207 | In xpdf, the xref table contains an infinite loop which allows remote ...
CVE-2010-0206 | xpdf allows remote attackers to cause a denial of service (NULL pointe ...
CVE-2009-4035 | The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf ...
CVE-2009-3938 | Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOu ...
CVE-2009-3609 | Integer overflow in the ImageStream::ImageStream function in Stream.cc ...
CVE-2009-3608 | Integer overflow in the ObjectStream::ObjectStream function in XRef.cc ...
CVE-2009-3607 | Integer overflow in the create_surface_from_thumbnail_data function in ...
CVE-2009-3606 | Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf bef ...
CVE-2009-3605 | Multiple integer overflows in Poppler 0.10.5 and earlier allow remote ...
CVE-2009-3604 | The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before ...
CVE-2009-3603 | Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3. ...
CVE-2009-1188 | Integer overflow in the JBIG2 decoding feature in the SplashBitmap::Sp ...
CVE-2009-1187 | Integer overflow in the JBIG2 decoding feature in Poppler before 0.10. ...
CVE-2009-1183 | The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earl ...
CVE-2009-1182 | Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and ...
CVE-2009-1181 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...
CVE-2009-1180 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...
CVE-2009-1179 | Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUP ...
CVE-2009-0800 | Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 ...
CVE-2009-0799 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...
CVE-2009-0756 | The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 a ...
CVE-2009-0755 | The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 a ...
CVE-2009-0166 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...
CVE-2009-0147 | Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ea ...
CVE-2009-0146 | Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ear ...
CVE-2008-2950 | The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earl ...
CVE-2008-1693 | The CairoFont::create function in CairoFontEngine.cc in Poppler, possi ...
CVE-2007-5393 | Heap-based buffer overflow in the CCITTFaxStream::lookChar method in x ...
CVE-2007-5392 | Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in X ...
CVE-2007-4352 | Array index error in the DCTStream::readProgressiveDataUnit method in ...
CVE-2007-3387 | Integer overflow in the StreamPredictor::StreamPredictor function in x ...
CVE-2007-0104 | The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patc ...
CVE-2006-0301 | Heap-based buffer overflow in Splash.cc in xpdf, as used in other prod ...
CVE-2005-3627 | Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, ...
CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTe ...
CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTe ...
CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpd ...
CVE-2005-3193 | Heap-based buffer overflow in the JPXStream::readCodestream function i ...
CVE-2005-3192 | Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.0 ...
CVE-2005-3191 | Multiple heap-based buffer overflows in the (1) DCTStream::readProgres ...
CVE-2005-2097 | xpdf and kpdf do not properly validate the "loca" table in PDF files, ...

Security announcements

DSA / DLA | Description
DLA-3620-1 | poppler - security update
ELA-928-1 | poppler - security update
DLA-3528-1 | poppler - security update
ELA-689-1 | poppler - security update
DLA-3120-1 | poppler - security update
DSA-5224-1 | poppler - security update
DLA-2440-1 | poppler - security update
ELA-302-1 | poppler - security update
DLA-2287-1 | poppler - security update
DLA-1963-2 | poppler - regression update
DLA-1963-1 | poppler - security update
DLA-1939-1 | poppler - security update
DLA-1815-1 | poppler - security update
DLA-1752-1 | poppler - security update
DLA-1706-1 | poppler - security update
DLA-1562-3 | poppler - regression update
DLA-1562-2 | poppler - security update
DLA-1562-1 | poppler - security update
DSA-4079-2 | poppler - regression update
DSA-4097-1 | poppler - security update
DSA-4079-1 | poppler - security update
DLA-1228-1 | poppler - security update
DLA-1177-1 | poppler - security update
DLA-1116-1 | poppler - security update
DLA-1074-1 | poppler - security update
DSA-3563-1 | poppler - security update
DLA-446-1 | poppler - security update
DLA-24-1 | poppler - security update
DSA-2719-1 | poppler - multiple issues
DSA-2119-1 | poppler - several vulnerabilities
DSA-1941-1 | poppler - several vulnerabilities
DSA-1606-1 | poppler - execution of arbitrary code
DSA-1480-1 | poppler - several vulnerabilities
DSA-1348-1 | poppler
