Filtered by vendor Freedesktop
Subscriptions
Total
135 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-9775 | 3 Debian, Freedesktop, Redhat | 9 Debian Linux, Poppler, Enterprise Linux and 6 more | 2025-04-20 | N/A |
| Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. | ||||
| CVE-2017-14977 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2025-04-20 | N/A |
| The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. | ||||
| CVE-2016-2568 | 2 Freedesktop, Redhat | 2 Polkit, Enterprise Linux | 2025-04-20 | 7.8 High |
| pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | ||||
| CVE-2017-14928 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2025-04-20 | 5.5 Medium |
| In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. | ||||
| CVE-2017-14975 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2025-04-20 | N/A |
| The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack. | ||||
| CVE-2017-7511 | 1 Freedesktop | 1 Poppler | 2025-04-20 | N/A |
| poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents. | ||||
| CVE-2017-14520 | 1 Freedesktop | 1 Poppler | 2025-04-20 | N/A |
| In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files. | ||||
| CVE-2017-14927 | 1 Freedesktop | 1 Poppler | 2025-04-20 | N/A |
| In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. | ||||
| CVE-2017-9406 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2025-04-20 | N/A |
| In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. | ||||
| CVE-2017-9776 | 3 Debian, Freedesktop, Redhat | 9 Debian Linux, Poppler, Enterprise Linux and 6 more | 2025-04-20 | N/A |
| Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. | ||||
| CVE-2017-2820 | 1 Freedesktop | 1 Poppler | 2025-04-20 | 8.8 High |
| An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library. | ||||
| CVE-2017-9408 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2025-04-20 | N/A |
| In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file. | ||||
| CVE-2017-14517 | 1 Freedesktop | 1 Poppler | 2025-04-20 | N/A |
| In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. | ||||
| CVE-2014-0004 | 3 Canonical, Freedesktop, Redhat | 3 Ubuntu Linux, Udisks, Enterprise Linux | 2025-04-12 | N/A |
| Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point. | ||||
| CVE-2013-4472 | 1 Freedesktop | 1 Poppler | 2025-04-12 | N/A |
| The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | ||||
| CVE-2014-3635 | 3 D-bus Project, Freedesktop, Opensuse | 3 D-bus, Dbus, Opensuse | 2025-04-12 | N/A |
| Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure. | ||||
| CVE-2014-3477 | 2 D-bus Project, Freedesktop | 2 D-bus, Dbus | 2025-04-12 | 4 Medium |
| The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service. | ||||
| CVE-2015-8868 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2025-04-12 | N/A |
| Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document. | ||||
| CVE-2014-7824 | 4 Canonical, Debian, Freedesktop and 1 more | 4 Ubuntu Linux, Debian Linux, Dbus and 1 more | 2025-04-12 | N/A |
| D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1. | ||||
| CVE-2014-3639 | 3 D-bus Project, Freedesktop, Opensuse | 3 D-bus, Dbus, Opensuse | 2025-04-12 | N/A |
| The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections. | ||||