poppler
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | PDF rendering library based on xpdf 3.0 |
| Version | 24.09.0-4 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2812 | 22.08.0-1 | 22.08.0-2 | Unknown | Fixed | |
| AVG-1382 | 20.12.1-1 | 21.01.0-1 | High | Fixed | |
| AVG-869 | 0.73.0-1 | 0.74.0-1 | Low | Fixed | |
| AVG-326 | 0.55.0-3 | 0.56.0-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2022-38784 | AVG-2812 | Unknown | Unknown | Unknown | Unknown |
| CVE-2022-27337 | AVG-2812 | Unknown | Unknown | Unknown | Unknown |
| CVE-2020-35702 | AVG-1382 | High | No | Arbitrary code execution | DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap- based buffer overflow via a crafted PDF document. |
| CVE-2019-7310 | AVG-869 | Low | Yes | Denial of service | In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to... |
| CVE-2017-9776 | AVG-326 | High | Yes | Arbitrary code execution | Integer overflow leading to heap overflow in JBIG2Stream.cc. |
| CVE-2017-9775 | AVG-326 | Medium | Yes | Arbitrary code execution | A stack buffer overflow in has been found in GfxState.cc's module of poppler. Due to some restrictions in the lines after the bug, an attacker can't control... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 04 Jan 2021 | ASA-202101-3 | AVG-1382 | High | arbitrary code execution |
| 26 Jun 2017 | ASA-201706-33 | AVG-326 | High | arbitrary code execution |